13 files changed, 123 insertions, 31 deletions
diff --git a/core/java/android/os/SystemClock.java b/core/java/android/os/SystemClock.java index 7379443877b7..d03a87d82759 100644 --- a/core/java/android/os/SystemClock.java +++ b/core/java/android/os/SystemClock.java @@ -352,7 +352,7 @@ public final class SystemClock { } long currentNanos = elapsedRealtimeNanos(); long deltaMs = (currentNanos - time.getElapsedRealtimeNanos()) / 1000000L; - return time.getTime() + deltaMs; + return time.getUnixEpochTimeMillis() + deltaMs; } }; } diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java index f90055829b89..8efc5eb6b6ff 100644 --- a/core/java/android/security/keymaster/KeymasterDefs.java +++ b/core/java/android/security/keymaster/KeymasterDefs.java @@ -68,6 +68,8 @@ public final class KeymasterDefs { public static final int KM_TAG_RSA_PUBLIC_EXPONENT = Tag.RSA_PUBLIC_EXPONENT; // KM_ULONG | 200; public static final int KM_TAG_INCLUDE_UNIQUE_ID = Tag.INCLUDE_UNIQUE_ID; // KM_BOOL | 202; + public static final int KM_TAG_RSA_OAEP_MGF_DIGEST = Tag.RSA_OAEP_MGF_DIGEST; + // KM_ENUM_REP | 203; public static final int KM_TAG_ACTIVE_DATETIME = Tag.ACTIVE_DATETIME; // KM_DATE | 400; public static final int KM_TAG_ORIGINATION_EXPIRE_DATETIME = diff --git a/core/java/android/text/format/DateFormat.java b/core/java/android/text/format/DateFormat.java index 537dffc4abf1..d48d566fd860 100755 --- a/core/java/android/text/format/DateFormat.java +++ b/core/java/android/text/format/DateFormat.java @@ -170,7 +170,7 @@ public class DateFormat { * mean using 12-hour in some locales and, in this case, is duplicated as the 'a' field. */ @ChangeId - @EnabledSince(targetSdkVersion = Build.VERSION_CODES.CUR_DEVELOPMENT) + @EnabledSince(targetSdkVersion = Build.VERSION_CODES.UPSIDE_DOWN_CAKE) static final long DISALLOW_DUPLICATE_FIELD_IN_SKELETON = 170233598L; /** diff --git a/core/jni/OWNERS b/core/jni/OWNERS index 14699e7097f4..a068008f5e22 100644 --- a/core/jni/OWNERS 
+++ b/core/jni/OWNERS @@ -22,7 +22,7 @@ per-file android_view_PointerIcon.* = file:/services/core/java/com/android/serve # WindowManager per-file android_graphics_BLASTBufferQueue.cpp = file:/services/core/java/com/android/server/wm/OWNERS per-file android_view_Surface* = file:/services/core/java/com/android/server/wm/OWNERS -per-file android_window_WindowInfosListener.cpp = file:/services/core/java/com/android/server/wm/OWNERS +per-file android_window_* = file:/services/core/java/com/android/server/wm/OWNERS # Resources per-file android_content_res_* = file:/core/java/android/content/res/OWNERS diff --git a/keystore/java/android/security/keystore/KeyProperties.java b/keystore/java/android/security/keystore/KeyProperties.java index d9a7994d6c4a..dbd918e35d70 100644 --- a/keystore/java/android/security/keystore/KeyProperties.java +++ b/keystore/java/android/security/keystore/KeyProperties.java @@ -29,6 +29,8 @@ import libcore.util.EmptyArray; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; +import java.security.spec.AlgorithmParameterSpec; +import java.security.spec.MGF1ParameterSpec; import java.util.Collection; import java.util.Locale; @@ -675,6 +677,26 @@ public abstract class KeyProperties { } } + /** + * @hide + */ + @NonNull public static @DigestEnum + AlgorithmParameterSpec fromKeymasterToMGF1ParameterSpec(int digest) { + switch (digest) { + default: + case KeymasterDefs.KM_DIGEST_SHA1: + return MGF1ParameterSpec.SHA1; + case KeymasterDefs.KM_DIGEST_SHA_2_224: + return MGF1ParameterSpec.SHA224; + case KeymasterDefs.KM_DIGEST_SHA_2_256: + return MGF1ParameterSpec.SHA256; + case KeymasterDefs.KM_DIGEST_SHA_2_384: + return MGF1ParameterSpec.SHA384; + case KeymasterDefs.KM_DIGEST_SHA_2_512: + return MGF1ParameterSpec.SHA512; + } + } + @NonNull public static @DigestEnum String fromKeymasterToSignatureAlgorithmDigest(int digest) { switch (digest) { 
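Review bot: The `default:` label in `fromKeymasterToMGF1ParameterSpec` falls through to `KM_DIGEST_SHA1`, so any digest value without its own case is reported as `MGF1ParameterSpec.SHA1` instead of being rejected. `engineGetParameters()` in AndroidKeyStoreRSACipherSpi uses this helper to report the cipher's MGF1 digest, so a mismatch between the reported and the configured digest would be silent. Consider moving the label after the explicit cases as `default: throw new IllegalArgumentException("Unsupported MGF1 digest: " + digest);`. The `@DigestEnum` annotation also looks misplaced on a method returning `AlgorithmParameterSpec` (it appears copied from the String-returning sibling below), and the Javadoc holds only `@hide`, so a one-line summary of the mapping would help.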
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java index e808c5cc51bd..7571e44a7713 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreCipherSpiBase.java @@ -69,6 +69,7 @@ import javax.crypto.spec.SecretKeySpec; */ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStoreCryptoOperation { private static final String TAG = "AndroidKeyStoreCipherSpiBase"; + public static final String DEFAULT_MGF1_DIGEST = "SHA-1"; // Fields below are populated by Cipher.init and KeyStore.begin and should be preserved after // doFinal finishes. 
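Review bot: `DEFAULT_MGF1_DIGEST` has no comment, yet two other classes statically import it and use it to decide which MGF1 digest is always authorized on RSA OAEP keys. I would add a Javadoc such as `/** JCA name of the MGF1 digest assumed when none is given explicitly; SHA-1 is kept as the default for compatibility. */`, with the wording to be confirmed by the author, since the reason for the default is stated only in comments of later hunks. `public` on a member of a package-private class has no effect outside the package and could be dropped.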
@@ -133,24 +134,28 @@ abstract class AndroidKeyStoreCipherSpiBase extends CipherSpi implements KeyStor if ("RSA/ECB/OAEPWithSHA-224AndMGF1Padding".equals(transform)) { OAEPParameterSpec spec = new OAEPParameterSpec("SHA-224", "MGF1", - new MGF1ParameterSpec("SHA1"), PSource.PSpecified.DEFAULT); + new MGF1ParameterSpec(DEFAULT_MGF1_DIGEST), + PSource.PSpecified.DEFAULT); mCipher.init(opmode, key, spec, random); } else if ("RSA/ECB/OAEPWithSHA-256AndMGF1Padding".equals(transform)) { OAEPParameterSpec spec = new OAEPParameterSpec("SHA-256", "MGF1", - new MGF1ParameterSpec("SHA1"), PSource.PSpecified.DEFAULT); + new MGF1ParameterSpec(DEFAULT_MGF1_DIGEST), + PSource.PSpecified.DEFAULT); mCipher.init(opmode, key, spec, random); } else if ("RSA/ECB/OAEPWithSHA-384AndMGF1Padding".equals(transform)) { OAEPParameterSpec spec = new OAEPParameterSpec("SHA-384", "MGF1", - new MGF1ParameterSpec("SHA1"), PSource.PSpecified.DEFAULT); + new MGF1ParameterSpec(DEFAULT_MGF1_DIGEST), + PSource.PSpecified.DEFAULT); mCipher.init(opmode, key, spec, random); } else if ("RSA/ECB/OAEPWithSHA-512AndMGF1Padding".equals(transform)) { OAEPParameterSpec spec = new OAEPParameterSpec("SHA-512", "MGF1", - new MGF1ParameterSpec("SHA1"), PSource.PSpecified.DEFAULT); + new MGF1ParameterSpec(DEFAULT_MGF1_DIGEST), + PSource.PSpecified.DEFAULT); mCipher.init(opmode, key, spec, random); } else { mCipher.init(opmode, key, random); diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java index cdc1085a5015..acc0005154b4 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java 
@@ -16,6 +16,8 @@ package android.security.keystore2; +import static android.security.keystore2.AndroidKeyStoreCipherSpiBase.DEFAULT_MGF1_DIGEST; + import android.annotation.NonNull; import android.annotation.Nullable; import android.app.ActivityThread; @@ -908,6 +910,26 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato params.add(KeyStore2ParameterUtils.makeEnum( KeymasterDefs.KM_TAG_PADDING, padding )); + if (padding == KeymasterDefs.KM_PAD_RSA_OAEP) { + final boolean[] hasDefaultMgf1DigestBeenAdded = {false}; + ArrayUtils.forEach(mKeymasterDigests, (digest) -> { + params.add(KeyStore2ParameterUtils.makeEnum( + KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, digest + )); + hasDefaultMgf1DigestBeenAdded[0] |= + digest.equals(KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST)); + }); + /* Because of default MGF1 digest is SHA-1. It has to be added in Key + * characteristics. Otherwise, crypto operations will fail with Incompatible + * MGF1 digest. + */ + if (!hasDefaultMgf1DigestBeenAdded[0]) { + params.add(KeyStore2ParameterUtils.makeEnum( + KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, + KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST) + )); + } + } }); ArrayUtils.forEach(mKeymasterSignaturePaddings, (padding) -> { params.add(KeyStore2ParameterUtils.makeEnum( diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java index 5848247809e7..e9b66aafc262 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreRSACipherSpi.java 
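Review bot: For OAEP keys the block added at `+910` authorizes every digest in `mKeymasterDigests` as an MGF1 digest too, and then always adds SHA-1 even when the caller did not list it among the key's digests. That widens the key's authorizations beyond what the spec asked for, so the comment should say so and fix its wording, e.g. `/* The default MGF1 digest is SHA-1, so it must be present in the key characteristics; otherwise operations relying on the default fail with an incompatible-MGF1-digest error. */`. If `mKeymasterDigests` can hold values that are not valid MGF1 digests (how it is populated is not visible here), they are passed through unfiltered. The one-element `boolean[]` exists only so the lambda can set a flag; a plain `for` loop over the array would read more directly. The enclosing method begins and ends outside this hunk.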
@@ -161,10 +161,11 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase */ abstract static class OAEPWithMGF1Padding extends AndroidKeyStoreRSACipherSpi { - private static final String MGF_ALGORITGM_MGF1 = "MGF1"; + private static final String MGF_ALGORITHM_MGF1 = "MGF1"; private int mKeymasterDigest = -1; private int mDigestOutputSizeBytes; + private int mKeymasterMgf1Digest = KeymasterDefs.KM_DIGEST_SHA1; // Default MGF1 digest OAEPWithMGF1Padding(int keymasterDigest) { super(KeymasterDefs.KM_PAD_RSA_OAEP); @@ -189,10 +190,10 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase + ". Only OAEPParameterSpec supported"); } OAEPParameterSpec spec = (OAEPParameterSpec) params; - if (!MGF_ALGORITGM_MGF1.equalsIgnoreCase(spec.getMGFAlgorithm())) { + if (!MGF_ALGORITHM_MGF1.equalsIgnoreCase(spec.getMGFAlgorithm())) { throw new InvalidAlgorithmParameterException( "Unsupported MGF: " + spec.getMGFAlgorithm() - + ". Only " + MGF_ALGORITGM_MGF1 + " supported"); + + ". Only " + MGF_ALGORITHM_MGF1 + " supported"); } String jcaDigest = spec.getDigestAlgorithm(); int keymasterDigest; @@ -225,11 +226,6 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase } MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec) mgfParams; String mgf1JcaDigest = mgfSpec.getDigestAlgorithm(); - if (!KeyProperties.DIGEST_SHA1.equalsIgnoreCase(mgf1JcaDigest)) { - throw new InvalidAlgorithmParameterException( - "Unsupported MGF1 digest: " + mgf1JcaDigest - + ". Only " + KeyProperties.DIGEST_SHA1 + " supported"); - } PSource pSource = spec.getPSource(); if (!(pSource instanceof PSource.PSpecified)) { throw new InvalidAlgorithmParameterException( 
@@ -244,6 +240,7 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase + ". Only pSpecifiedEmpty (PSource.PSpecified.DEFAULT) supported"); } mKeymasterDigest = keymasterDigest; + mKeymasterMgf1Digest = KeyProperties.Digest.toKeymaster(mgf1JcaDigest); mDigestOutputSizeBytes = (KeymasterUtils.getDigestOutputSizeBits(keymasterDigest) + 7) / 8; } @@ -273,10 +270,10 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase protected final AlgorithmParameters engineGetParameters() { OAEPParameterSpec spec = new OAEPParameterSpec( - KeyProperties.Digest.fromKeymaster(mKeymasterDigest), - MGF_ALGORITGM_MGF1, - MGF1ParameterSpec.SHA1, - PSource.PSpecified.DEFAULT); + KeyProperties.Digest.fromKeymaster(mKeymasterDigest), + MGF_ALGORITHM_MGF1, + KeyProperties.Digest.fromKeymasterToMGF1ParameterSpec(mKeymasterMgf1Digest), + PSource.PSpecified.DEFAULT); try { AlgorithmParameters params = AlgorithmParameters.getInstance("OAEP"); params.init(spec); @@ -298,6 +295,9 @@ abstract class AndroidKeyStoreRSACipherSpi extends AndroidKeyStoreCipherSpiBase parameters.add(KeyStore2ParameterUtils.makeEnum( KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest )); + parameters.add(KeyStore2ParameterUtils.makeEnum( + KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, mKeymasterMgf1Digest + )); } @Override diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java index 33411e1ec5b9..9d424e904d59 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java @@ -16,6 +16,8 @@ package android.security.keystore2; +import static android.security.keystore2.AndroidKeyStoreCipherSpiBase.DEFAULT_MGF1_DIGEST; + import android.annotation.NonNull; import android.hardware.biometrics.BiometricManager; import android.hardware.security.keymint.HardwareAuthenticatorType; 
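Review bot: With the SHA-1-only check removed in the earlier `-225` hunk, `mgf1JcaDigest` now reaches `KeyProperties.Digest.toKeymaster(...)` with no validation at this layer. If `toKeymaster` throws an unchecked exception for names it does not know (its body is not shown here), callers would see that instead of the `InvalidAlgorithmParameterException` the surrounding checks use. I would do the conversion before the field assignments and wrap it in a `try`/`catch (IllegalArgumentException e)` that rethrows `new InvalidAlgorithmParameterException("Unsupported MGF1 digest: " + mgf1JcaDigest, e)`. Any digest that `toKeymaster` accepts but `fromKeymasterToMGF1ParameterSpec` has no case for would also be reported as SHA-1 by `engineGetParameters()` in the next hunk. The method body starts outside this hunk.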
@@ -511,6 +513,28 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { KeymasterDefs.KM_TAG_PADDING, padding )); + if (padding == KeymasterDefs.KM_PAD_RSA_OAEP) { + if (spec.isDigestsSpecified()) { + boolean hasDefaultMgf1DigestBeenAdded = false; + for (String digest : spec.getDigests()) { + importArgs.add(KeyStore2ParameterUtils.makeEnum( + KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, + KeyProperties.Digest.toKeymaster(digest) + )); + hasDefaultMgf1DigestBeenAdded |= digest.equals(DEFAULT_MGF1_DIGEST); + } + /* Because of default MGF1 digest is SHA-1. It has to be added in Key + * characteristics. Otherwise, crypto operations will fail with Incompatible + * MGF1 digest. + */ + if (!hasDefaultMgf1DigestBeenAdded) { + importArgs.add(KeyStore2ParameterUtils.makeEnum( + KeymasterDefs.KM_TAG_RSA_OAEP_MGF_DIGEST, + KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST) + )); + } + } + } } for (String padding : spec.getSignaturePaddings()) { importArgs.add(KeyStore2ParameterUtils.makeEnum( diff --git a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java index dcdd7defd752..54955c6b7fab 100644 --- a/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java +++ b/keystore/java/android/security/keystore2/KeyStore2ParameterUtils.java @@ -78,6 +78,7 @@ public abstract class KeyStore2ParameterUtils { kp.value = KeyParameterValue.blockMode(v); break; case Tag.DIGEST: + case Tag.RSA_OAEP_MGF_DIGEST: kp.value = KeyParameterValue.digest(v); break; case Tag.EC_CURVE: diff --git a/location/java/android/location/LocationTime.java b/location/java/android/location/LocationTime.java index e5535d192776..2f03508fbb15 100644 --- a/location/java/android/location/LocationTime.java +++ b/location/java/android/location/LocationTime.java 
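Review bot: `digest.equals(DEFAULT_MGF1_DIGEST)` compares the caller's string with `"SHA-1"` exactly, while the tag itself is added through `KeyProperties.Digest.toKeymaster(digest)`. If `toKeymaster` accepts other spellings of the same digest (for example a different case; not visible here), the flag stays false and the SHA-1 tag is added a second time. Comparing the converted values avoids that: `hasDefaultMgf1DigestBeenAdded |= KeyProperties.Digest.toKeymaster(digest) == KeyProperties.Digest.toKeymaster(DEFAULT_MGF1_DIGEST);`. When `spec.isDigestsSpecified()` is false, no MGF1 digest tag is added at all, not even the default, which differs from the key-generation path and deserves a comment if intended. The enclosing method begins and ends outside this hunk.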
@@ -20,28 +20,32 @@ import android.annotation.NonNull; import android.os.Parcel; import android.os.Parcelable; +import java.time.Duration; +import java.time.Instant; + /** - * Data class for passing location derived time. + * Data class for passing GNSS-derived time. * @hide */ public final class LocationTime implements Parcelable { - private final long mTime; + private final long mUnixEpochTimeMillis; private final long mElapsedRealtimeNanos; - public LocationTime(long time, long elapsedRealtimeNanos) { - mTime = time; + public LocationTime(long unixEpochTimeMillis, long elapsedRealtimeNanos) { + mUnixEpochTimeMillis = unixEpochTimeMillis; mElapsedRealtimeNanos = elapsedRealtimeNanos; } /** - * The current time, according to the Gnss location provider. */ - public long getTime() { - return mTime; + * The Unix epoch time in millis, according to the Gnss location provider. + */ + public long getUnixEpochTimeMillis() { + return mUnixEpochTimeMillis; } /** - * The elapsed nanos since boot {@link #getTime} was computed at. + * The elapsed nanos since boot when {@link #getUnixEpochTimeMillis} was the current time. */ public long getElapsedRealtimeNanos() { return mElapsedRealtimeNanos; @@ -49,7 +53,7 @@ public final class LocationTime implements Parcelable { @Override public void writeToParcel(Parcel out, int flags) { - out.writeLong(mTime); + out.writeLong(mUnixEpochTimeMillis); out.writeLong(mElapsedRealtimeNanos); } 
@@ -58,8 +62,18 @@ public final class LocationTime implements Parcelable { return 0; } + @Override + public String toString() { + return "LocationTime{" + + "mUnixEpochTimeMillis=" + Instant.ofEpochMilli(mUnixEpochTimeMillis) + + "(" + mUnixEpochTimeMillis + ")" + + ", mElapsedRealtimeNanos=" + Duration.ofNanos(mElapsedRealtimeNanos) + + "(" + mElapsedRealtimeNanos + ")" + + '}'; + } + public static final @NonNull Parcelable.Creator<LocationTime> CREATOR = - new Parcelable.Creator<LocationTime>() { + new Parcelable.Creator<>() { public LocationTime createFromParcel(Parcel in) { long time = in.readLong(); long elapsedRealtimeNanos = in.readLong(); diff --git a/packages/CredentialManager/OWNERS b/packages/CredentialManager/OWNERS new file mode 100644 index 000000000000..f3b43c171025 --- /dev/null +++ b/packages/CredentialManager/OWNERS @@ -0,0 +1 @@ +include /core/java/android/credentials/OWNERS diff --git a/services/core/java/com/android/server/timedetector/GnssTimeUpdateService.java b/services/core/java/com/android/server/timedetector/GnssTimeUpdateService.java index 5db60005b175..694919115602 100644 --- a/services/core/java/com/android/server/timedetector/GnssTimeUpdateService.java +++ b/services/core/java/com/android/server/timedetector/GnssTimeUpdateService.java @@ -261,10 +261,11 @@ public final class GnssTimeUpdateService extends Binder { private void suggestGnssTime(LocationTime locationTime) { logDebug("suggestGnssTime()"); - long gnssTime = locationTime.getTime(); + long gnssUnixEpochTimeMillis = locationTime.getUnixEpochTimeMillis(); long elapsedRealtimeMs = locationTime.getElapsedRealtimeNanos() / 1_000_000L; - TimestampedValue<Long> timeSignal = new TimestampedValue<>(elapsedRealtimeMs, gnssTime); + TimestampedValue<Long> timeSignal = + new TimestampedValue<>(elapsedRealtimeMs, gnssUnixEpochTimeMillis); mLastSuggestedGnssTime = timeSignal; GnssTimeSuggestion timeSuggestion = new GnssTimeSuggestion(timeSignal); |