From 934cd662e5bfe05289fc8c9b6348d3af5abd7b23 Mon Sep 17 00:00:00 2001 From: Eric Biggers Date: Fri, 23 Feb 2024 18:57:43 +0000 Subject: Remove unused references to android.security.KeyStore Many files that reference android.security.KeyStore don't actually do anything with it. This is apparently because the functionality of this class got moved to other places, but it was forgotten to remove the actual references to the class. This CL removes all such references from frameworks/base. Where made possible by removing an import of android.security.KeyStore, it also updates references to java.security.KeyStore to be simply KeyStore. java.security.KeyStore is the real KeyStore that is part of the public API. Bug: 326508120 Test: presubmit Change-Id: Ie63b8dfc8bb562b33e6e529d537bde64ae2c6d53 --- .../security/keystore/AndroidKeyStoreProvider.java | 22 +++++++++++----------- .../security/keystore/KeyGenParameterSpec.java | 2 +- .../android/security/keystore/KeyProtection.java | 7 ++++--- .../security/keystore/KeyStoreCryptoOperation.java | 8 +++----- .../keystore2/AndroidKeyStoreKeyFactorySpi.java | 3 --- .../keystore2/AndroidKeyStoreProvider.java | 7 +++---- .../AndroidKeyStoreSecretKeyFactorySpi.java | 3 --- .../keystore2/KeyStoreCryptoOperationStreamer.java | 5 ++--- 8 files changed, 24 insertions(+), 33 deletions(-) (limited to 'keystore/java') diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java index 62fe54f1f089..ef03d3a3b286 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java 
@@ -19,9 +19,9 @@ package android.security.keystore; import android.annotation.NonNull; import android.annotation.SystemApi; import android.compat.annotation.UnsupportedAppUsage; -import android.security.KeyStore; import java.io.IOException; +import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; @@ -47,13 +47,13 @@ public class AndroidKeyStoreProvider extends Provider { } /** - * Gets the {@link KeyStore} operation handle corresponding to the provided JCA crypto + * Gets the Android KeyStore operation handle corresponding to the provided JCA crypto * primitive. * *

The following primitives are supported: {@link Cipher} and {@link Mac}. * - * @return KeyStore operation handle or {@code 0} if the provided primitive's KeyStore operation - * is not in progress. + * @return Android KeyStore operation handle or {@code 0} if the provided primitive's Android + * KeyStore operation is not in progress. * * @throws IllegalArgumentException if the provided primitive is not supported or is not backed * by AndroidKeyStore provider. @@ -67,10 +67,10 @@ public class AndroidKeyStoreProvider extends Provider { } /** - * Returns an {@code AndroidKeyStore} {@link java.security.KeyStore}} of the specified UID. - * The {@code KeyStore} contains keys and certificates owned by that UID. Such cross-UID - * access is permitted to a few system UIDs and only to a few other UIDs (e.g., Wi-Fi, VPN) - * all of which are system. + * Returns an {@code AndroidKeyStore} {@link KeyStore} of the specified UID. The {@code + * KeyStore} contains keys and certificates owned by that UID. Such cross-UID access is + * permitted to a few system UIDs and only to a few other UIDs (e.g., Wi-Fi, VPN) all of which + * are system. * *

Note: the returned {@code KeyStore} is already initialized/loaded. Thus, there is * no need to invoke {@code load} on it. @@ -84,12 +84,12 @@ public class AndroidKeyStoreProvider extends Provider { */ @SystemApi @NonNull - public static java.security.KeyStore getKeyStoreForUid(int uid) + public static KeyStore getKeyStoreForUid(int uid) throws KeyStoreException, NoSuchProviderException { - final java.security.KeyStore.LoadStoreParameter loadParameter = + final KeyStore.LoadStoreParameter loadParameter = new android.security.keystore2.AndroidKeyStoreLoadStoreParameter( KeyProperties.legacyUidToNamespace(uid)); - java.security.KeyStore result = java.security.KeyStore.getInstance(PROVIDER_NAME); + KeyStore result = KeyStore.getInstance(PROVIDER_NAME); try { result.load(loadParameter); } catch (NoSuchAlgorithmException | CertificateException | IOException e) { diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index 244fe3033dca..7aecfd8d4a0d 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -910,7 +910,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu /** * Returns whether this key is critical to the device encryption flow. * - * @see android.security.KeyStore#FLAG_CRITICAL_TO_DEVICE_ENCRYPTION + * @see Builder#setCriticalToDeviceEncryption(boolean) * @hide */ public boolean isCriticalToDeviceEncryption() { diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 2495d1a85864..31b4a5eac619 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java 
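Review bot: The reflowed Javadoc on `getKeyStoreForUid` in keystore/AndroidKeyStoreProvider.java (the `@@ -67,10` hunk) still describes the cross-UID restriction in a sentence that is hard to parse ("permitted to a few system UIDs and only to a few other UIDs ... all of which are system"), and it does not say where the restriction is enforced. The lines visible in the `@@ -84,12` hunk only map the UID with `KeyProperties.legacyUidToNamespace(uid)` and call `result.load(loadParameter)`, so the check presumably happens in the keystore service rather than in this method. Since the comment is being rewritten anyway, I would say so directly, e.g. `Cross-UID access is restricted to a small set of system UIDs (e.g., Wi-Fi, VPN) and is enforced by the keystore service, not by this method.`, with the second clause confirmed against the service before it is committed. Part of the Javadoc lies between the two hunks and the method body continues past the `catch`, so a `@throws` covering the denied case may already exist outside what is shown.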
@@ -569,7 +569,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { /** * Return whether this key is critical to the device encryption flow. * - * @see android.security.KeyStore#FLAG_CRITICAL_TO_DEVICE_ENCRYPTION + * @see Builder#setCriticalToDeviceEncryption(boolean) * @hide */ public boolean isCriticalToDeviceEncryption() { @@ -1105,9 +1105,10 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { * Set whether this key is critical to the device encryption flow * * This is a special flag only available to system servers to indicate the current key - * is part of the device encryption flow. + * is part of the device encryption flow. Setting this flag causes the key to not + * be cryptographically bound to the LSKF even if the key is otherwise authentication + * bound. * - * @see android.security.KeyStore#FLAG_CRITICAL_TO_DEVICE_ENCRYPTION * @hide */ public Builder setCriticalToDeviceEncryption(boolean critical) { diff --git a/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java index 2c709ae1ac5b..c42c9e4d99a6 100644 --- a/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java +++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java @@ -16,18 +16,16 @@ package android.security.keystore; -import android.security.KeyStore; - /** - * Cryptographic operation backed by {@link KeyStore}. + * Cryptographic operation backed by Android KeyStore. * * @hide */ public interface KeyStoreCryptoOperation { /** - * Gets the KeyStore operation handle of this crypto operation. + * Gets the Android KeyStore operation handle of this crypto operation. * - * @return handle or {@code 0} if the KeyStore operation is not in progress. + * @return handle or {@code 0} if the Android KeyStore operation is not in progress. */ long getOperationHandle(); } 
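Review bot: The caveat added to `Builder#setCriticalToDeviceEncryption` in the `@@ -1105,9` hunk of KeyProtection.java uses the abbreviation LSKF without expanding it, and within this diff it appears only on this one setter. I would write it as `be cryptographically bound to the lock screen knowledge factor (LSKF) even if the key is otherwise authentication`, so that a reader deciding whether to set the flag does not have to look the term up. The `@see Builder#setCriticalToDeviceEncryption(boolean)` added in the `@@ -910,7` hunk of KeyGenParameterSpec.java points at that class's own setter, which this diff does not show. If its Javadoc lacks the same sentence, it should be added there as well so that both builders document the weaker binding. The setter's body lies outside the hunk.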
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java index a8dd7f3f8b14..8eca67f090d4 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyFactorySpi.java @@ -16,7 +16,6 @@ package android.security.keystore2; -import android.security.KeyStore; import android.security.keystore.KeyGenParameterSpec; import android.security.keystore.KeyInfo; @@ -39,8 +38,6 @@ import java.security.spec.X509EncodedKeySpec; */ public class AndroidKeyStoreKeyFactorySpi extends KeyFactorySpi { - private final KeyStore mKeyStore = KeyStore.getInstance(); - @Override protected T engineGetKeySpec(Key key, Class keySpecClass) throws InvalidKeySpecException { diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java index d204f13d4d78..99100de12684 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java @@ -17,7 +17,6 @@ package android.security.keystore2; import android.annotation.NonNull; -import android.security.KeyStore; import android.security.KeyStore2; import android.security.KeyStoreSecurityLevel; import android.security.keymaster.KeymasterDefs; @@ -161,13 +160,13 @@ public class AndroidKeyStoreProvider extends Provider { } /** - * Gets the {@link KeyStore} operation handle corresponding to the provided JCA crypto + * Gets the Android KeyStore operation handle corresponding to the provided JCA crypto * primitive. * *

The following primitives are supported: {@link Cipher}, {@link Signature} and {@link Mac}. * - * @return KeyStore operation handle or {@code 0} if the provided primitive's KeyStore operation - * is not in progress. + * @return Android KeyStore operation handle or {@code 0} if the provided primitive's Android + * KeyStore operation is not in progress. * * @throws IllegalArgumentException if the provided primitive is not supported or is not backed * by AndroidKeyStore provider. diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java index 97592b44ba2e..27ff50c743b1 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSecretKeyFactorySpi.java @@ -18,7 +18,6 @@ package android.security.keystore2; import android.annotation.NonNull; import android.security.GateKeeper; -import android.security.KeyStore; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; import android.security.keystore.KeyGenParameterSpec; @@ -46,8 +45,6 @@ import javax.crypto.spec.SecretKeySpec; */ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { - private final KeyStore mKeyStore = KeyStore.getInstance(); - @Override protected KeySpec engineGetKeySpec(SecretKey key, @SuppressWarnings("rawtypes") Class keySpecClass) throws InvalidKeySpecException { diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java index 07d6a69eda01..5bd98bce9f39 100644 --- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java +++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationStreamer.java 
@@ -16,12 +16,11 @@ package android.security.keystore2; -import android.security.KeyStore; import android.security.KeyStoreException; /** - * Helper for streaming a crypto operation's input and output via {@link KeyStore} service's - * {@code update} and {@code finish} operations. + * Helper for streaming a crypto operation's input and output via KeyStore service's {@code update} + * and {@code finish} operations. * *

The helper abstracts away to issues that need to be solved in most code that uses KeyStore's * update and finish operations. Firstly, KeyStore's update operation can consume only a limited -- cgit v1.2.3-59-g8ed1b
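Review bot: The rewritten first sentence in KeyStoreCryptoOperationStreamer.java says `KeyStore service's`, while the other Javadoc changes in this commit replace the dropped `{@link KeyStore}` with `Android KeyStore`. Because unqualified `KeyStore` now means `java.security.KeyStore` in keystore/AndroidKeyStoreProvider.java, I would keep the wording uniform: `* Helper for streaming a crypto operation's input and output via Android KeyStore service's`. The unchanged context line below reads `abstracts away to issues`, which is probably meant to be `two issues` and could be fixed in the same pass.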