Crypto primitives' getSpi has a side-effect which modifies the state
of the primitive: it selects an SPI implementation if it hasn't been
selected yet (e.g., Cipher.getInstance("AES") doesn't select an SPI
implementation until Cipher.init). The new method getCurrentSpi has
no side-effects: it simply returns null if no SPI implementation is
selected. The switch to getCurrentSpi lets us avoid side-effects and
throw a more pertinent exception when no SPI is yet selected.
(cherry-picked from bdc1382ac575a06c98cab69117700e081c90c595)
Bug: 18088752
Change-Id: Ib369c7e988329315075aa4e18f720d86f3d96a93
begin now returns OP_AUTH_REQUIRED for per operations with per op
authorization instead of NO_ERROR.
(cherry-picked from commit b0addbaaf22b14200db602c41a5bd86847bdc0a9)
Change-Id: I1f472125f46155833e03ab30bf18363ff51b2c58
This flag causes issues such as being unable to generate, import, or
use keys when the user/profile secure lock screen credential hasn't
yet been entered after boot.
Bug: 18088752
Change-Id: I992f6dfdc945bcb83e341356a40dfa7d7bc143d8
Uri provides a stronger guarantee of well-formedness and lets apps do
nice extra things like specifying scheme etc. without twisting any
expectations.
Bug: 20820034
Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.
Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
This CL addresses the comments from API Council about Android KeyStore
KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
1. These abstractions should not take or hold references to Context.
2. The Builders of these abstractions should take all mandatory
parameters in their constructors rather than expose them as
setters -- only optional paratemers should be exposed via setters.
These comments cannot be addressed without deprecation in the already
launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of
deprecating just the getContext methods and Builder constructors, this
CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and
KeyStoreParameter as a whole and exposing all of the AndroidKeyStore
API in the new package android.security.keystore. This enables this CL
to correct all of the accrued design issues with KeyPairGeneratorSpec
(e.g., naming of certificate-related methods) and KeyStoreParameter.
This also makes the transition to API Level M more clear for existing
users of the AndroidKeyStore API. These users will only have to deal
with the new always-mandatory parameters (e.g., purposes) and
sometimes-mandatory (e.g., digests, block modes, paddings) if they
switch to the new API. Prior to this CL they would've had to deal with
this if they invoked any of the new methods of KeyPairGeneratorSpec
or KeyStoreParameter introduced in API Level M.
This CL rips out all the new API introduced into KeyPairGeneratorSpec
and KeyStoreParameter classes for Android M, thus reverting these
classes to the API launched in L MR1. This is because the new API is
now in android.security.keystore.KeyGenParameterSpec and KeyProtection
respectively.
Bug: 21039983
Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
When Android KeyStore loads an HMAC key, it needs to compose the JCA
key algorithm name (e.g., HmacSHA256) based on the digests the key is
authorized for. A key can be authorized for multiple digests. Thus,
the approach is to use the first one for constructing the JCA key
algorithm name.
This CL ensures that when importing HMAC keys the first KM_TAG_DIGEST
tag is set to the digest of the JCA key algorithm name.
Bug: 18088752
Change-Id: I911ca7427b249ee823d06e988687af6146ebaff8
This moves constants/flags declared in inner classes of
KeyStoreKeyProperties into KeyStoreKeyProperties, as requested by API
Council.
Bug: 21039983
Change-Id: I84a3c983e13644a027bed9f605ab8044220a352c
This gets rid of EcIesParameterSpec.PointFormat by moving the
constants into EcIesParameterSpec, prefixed with POINT_FORMAT_.
Bug: 21039983
Change-Id: I7a76bb84e0394db9c7f5b0d53526915d5bbdd511
This updates the Javadocs of AndroidKeyStore methods which take
constants defined in KeyStoreKeyProperties to contain a link to
the corresponding set of constants and an example of a couple of
accepted constants, to make it easier to understand and find out
what constants to use.
Bug: 18088752
Change-Id: I338134ef136db62a7caca782cb59dbebdc996670
This is to enable Android Lint and Android Studio to flag nullness
issues at compile time.
Bug: 18088752
Change-Id: I21033b8fcdd989d08c89b50685e47fbb9c74acbf
Keystore's begin operation now requires parameters which describe the
operation (e.g., algorithm, block mode, padding). This adjusts
KeyStoreTest to provide the necessary parameters.
(cherry-picked from commit c5e4d7af22793072a2620805f5e0e23bf15e7110)
Bug: 19509156
Change-Id: Ibc665fbc893766a683a4aadc97a64ffdf2d0d85f
This also drops the boolean parameter from
KeyGeneratorSpec.Builder.setEncryptionRequired to match the already
launched KeyPairGeneratorSpec.Builder.setEncryptionRequired.
Bug: 18088752
Change-Id: I91a3e8c77958971b1bda8329319f1a0d8043b669
Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
This adds more detailed class-level Javadocs (incl. examples) for the
following public API of Android KeyStore facility:
* KeyPairGeneratorSpec,
* KeyGeneratorSpec,
* KeyStoreParameter,
* KeyStoreKeySpec.
This also clarifies what encryption at rest means.
Bug: 18088752
Change-Id: I9951a528c34dea322534763b596902a2b6ac64f9
KeyGenerator.init is supposed to check whether all provided parameters
are OK. This is because KeyGenerator.generateKey cannot throw checked
exceptions. This CL makes AndroidKeyStore KeyGenerator implementation
do just that. Unfortunately, keymaster/kestore doesn't provide a way
to check whether all the parameters are OK without actually generating
a key. Thus, this KeyGenerator does its best inside init method
(before Keymaster is called), and then surfaces any remaining issues
(flagged by Keymaster/keystore) as unchecked IllegalStateException.
Bug: 18088752
Change-Id: I9a04da880dcbe26c37f41d1477e41bdc74db04c9
The Javadoc incorrectly stated that:
* 0 means authentication required for every use.
* -1 means that timeout is not specified and the key can be any time.
Bug: 18088752
Change-Id: Ie5f37e74dc207f23443527ac1725ae8a37213d75
This defines the String enum values based on JCA standard names for
key algorithm, block mode, padding schemes, and digests. This should
make it safer to interact with AndroidKeyStore code that uses JCA
strings. This was requested by API Council.
Bug: 18088752
Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
This switches to ProviderException in most places in AndroidKeyStore
primitives where checked exceptions cannot be thrown. This is to
follow JCA design.
KeyStoreKeyGeneratorSpi is not touched by this CL because there's
another CL already doing that.
Bug: 18088752
Change-Id: If7e93042f973334b9bba004f5a330f831c1e77c1
This makes AndroidKeyStore Cipher and KeyGenerator implementations mix
in additional entropy into keymaster's RNG regardless of whether they
were provided with a SecureRandom instance.
In practice, they are always provided with a SecureRandom instance.
However, to be safe, when no SecureRandom instance is provided the
code now uses a platform-default SecureRandom implementation.
Bug: 18088752
Change-Id: I85bca30d7bdc82c2a342094dcbe6044e48a63dca
This propagates the concept that 0 is an invalid crypto operation
handle to the outside of AndroidKeyStore abstraction.
Bug: 20864436
Change-Id: I1e5abb66c5d41d8fc32aac44372495a708c2b6e2
This converts KM_ERROR_CALLER_NONCE_PROHIBITED into
InvalidAlgorithmParameterSpec, as expected by the contract of JCA
Cipher.
Bug: 18088752
Change-Id: I6a01e2d7118c478b27a0d7a5a14a127de8913755
FingerprintService is a lower layer of abstraction which should
ideally be accessed only via FingerprintManager from
AndroidKeyStore.
The main issue with the switch is that it requires a reference to a
Context. This is now obtained using ActivityThread's hidden API.
Change-Id: If921e169838ee2cc5c7690b8c8d8ea95c33248aa
* MAC length is now specified as a parameters to the begin operation
instead of as a parameter at key generation/import time.
* KM_TAG_MAC_LENGTH is now in bits instead of in bytes.
Change-Id: I752fe232d11d3ac39a575a48948215d84ded8fb9
This makes symmetric Cipher and Mac implementations backed by
AndroidKeyStore succeed in their initialization when the key is
configured to require user authentication for every use. Users
of such keys should obtain an instance of Cipher or Mac, initialize
it with the key, and then authorize the operation by passing this
Cipher or Mac instance to FingerprintManager.authenticate.
Bug: 18088752
Change-Id: Ia15a1e5f8274c3623f665dae1f400ff539639ab1
Bouncy Castle JCA provider incorrectly declares that its Cipher, Mac,
Signature, and KeyAgreement implementations accept arbitrary keys (
including AndroidKeyStore keys). As a result, when a Cipher, Mac,
Signature, or KeyAgreement instance is requested from JCA without
explicitly specifying the provider (which follows best practices)
and then initialied with an AndroidKeyStore key, JCA chooses the
BouncyCastle's implementation, which in turn blows up because it
can't handle such keys.
The workaround is to install Cipher, Mac, Signature, and
KeyAgreement implementations backed by AndroidKeyStore as a
higher-priority JCA provider than the Bouncy Castle one. This is
achieved by splitting out the above implementations from
AndroidKeyStoreProvider into AndroidKeyStoreBCWorkaroundProvider
and installing the AndroidKeyStoreProvider at the usual priority
(below Bouncy Castle) and the AndroidKeyStoreBCWorkaroundProvider
at above Bouncy Castle priority.
Bug: 20691708
Change-Id: I336464f4a49bc30c6845ddc4e84b07f4105424dd
This enables users of AndroidKeyStore crypto to differentiate between
the key being unusable until the user is authenticated
(UserNotAuthenticatedException) and the key being permanently unusable
(KeyPermanentlyInvalidatedException). The latter is the case when the
secure lock screen has been disabled or reset, and, for keys that
require user authentication for every use, when a new fingerprint is
enrolled or all fingerprints are unenrolled.
NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the
NewFingerprintEnrolledException which has thus been removed. There
is no way to find out whether a key was permenently invalidated
specifically because a new fingerprint was added.
Bug: 20642549
Bug: 20526234
Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
