am 90c9e4eb: Merge "Keymaster key validity dates are optional." into mnc-dev
* commit '90c9e4eb54a9c4b4fbc821b1992f2aee2f2b1e8c': Keymaster key validity dates are optional.
@@ -85,6 +85,12 @@ public class KeymasterArguments implements Parcelable {
|
||||
mArguments.add(new KeymasterDateArgument(tag, value));
|
||||
}
|
||||
|
||||
public void addDateIfNotNull(int tag, Date value) {
|
||||
if (value != null) {
|
||||
mArguments.add(new KeymasterDateArgument(tag, value));
|
||||
}
|
||||
}
|
||||
|
||||
private KeymasterArgument getArgumentByTag(int tag) {
|
||||
for (KeymasterArgument arg : mArguments) {
|
||||
if (arg.tag == tag) {
|
||||
|
||||
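Review bot: The new public `addDateIfNotNull(int tag, Date value)` has no Javadoc, although its contract is the substance of this change: a null date adds nothing to `mArguments`, so the tag is left out rather than set to a sentinel. I would add `/** Adds the date tag only when {@code value} is non-null; a null value leaves the tag out entirely. */`. If it holds, add a sentence saying keymaster treats a missing validity tag as "no restriction"; I cannot confirm that from this hunk. `addDate` starts above the hunk, so I cannot see whether it rejects null; its doc should say so either way.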
@@ -31,7 +31,6 @@ import java.security.ProviderException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.spec.AlgorithmParameterSpec;
|
||||
import java.util.Arrays;
|
||||
import java.util.Date;
|
||||
|
||||
import javax.crypto.KeyGeneratorSpi;
|
||||
import javax.crypto.SecretKey;
|
||||
@@ -278,15 +277,11 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
|
||||
KeymasterUtils.addUserAuthArgs(args,
|
||||
spec.isUserAuthenticationRequired(),
|
||||
spec.getUserAuthenticationValidityDurationSeconds());
|
||||
args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
|
||||
(spec.getKeyValidityStart() != null)
|
||||
? spec.getKeyValidityStart() : new Date(0));
|
||||
args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
(spec.getKeyValidityForOriginationEnd() != null)
|
||||
? spec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
(spec.getKeyValidityForConsumptionEnd() != null)
|
||||
? spec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, spec.getKeyValidityStart());
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
spec.getKeyValidityForOriginationEnd());
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
spec.getKeyValidityForConsumptionEnd());
|
||||
|
||||
if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0)
|
||||
&& (!spec.isRandomizedEncryptionRequired())) {
|
||||
|
||||
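Review bot: The three `addDateIfNotNull` calls for `KM_TAG_ACTIVE_DATETIME`, `KM_TAG_ORIGINATION_EXPIRE_DATETIME` and `KM_TAG_USAGE_EXPIRE_DATETIME` are repeated verbatim here, in the AndroidKeyStoreKeyPairGeneratorSpi hunk and in both AndroidKeyStoreSpi hunks. That puts the rule for which validity restrictions reach keymaster in four places, and an absent tag is now how "unrestricted" is expressed, so a site that drifts would silently produce a key without the intended restriction. I would fold them into one new helper next to `KeymasterUtils.addUserAuthArgs`, for example `addKeyValidityArgs(args, start, originationEnd, consumptionEnd)` (name is a suggestion), and call it from all four sites. The enclosing method starts and ends outside the hunk, so I cannot tell whether the dates are checked for ordering beforehand; if not, that helper would be the natural place for the check.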
@@ -415,15 +415,11 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato
|
||||
KeymasterUtils.addUserAuthArgs(args,
|
||||
mSpec.isUserAuthenticationRequired(),
|
||||
mSpec.getUserAuthenticationValidityDurationSeconds());
|
||||
args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
|
||||
(mSpec.getKeyValidityStart() != null)
|
||||
? mSpec.getKeyValidityStart() : new Date(0));
|
||||
args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
(mSpec.getKeyValidityForOriginationEnd() != null)
|
||||
? mSpec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
(mSpec.getKeyValidityForConsumptionEnd() != null)
|
||||
? mSpec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, mSpec.getKeyValidityStart());
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
mSpec.getKeyValidityForOriginationEnd());
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
mSpec.getKeyValidityForConsumptionEnd());
|
||||
addAlgorithmSpecificParameters(args);
|
||||
|
||||
byte[] additionalEntropy =
|
||||
|
||||
@@ -147,21 +147,10 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
|
||||
}
|
||||
|
||||
Date keyValidityStart = keyCharacteristics.getDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME);
|
||||
if ((keyValidityStart != null) && (keyValidityStart.getTime() <= 0)) {
|
||||
keyValidityStart = null;
|
||||
}
|
||||
Date keyValidityForOriginationEnd =
|
||||
keyCharacteristics.getDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME);
|
||||
if ((keyValidityForOriginationEnd != null)
|
||||
&& (keyValidityForOriginationEnd.getTime() == Long.MAX_VALUE)) {
|
||||
keyValidityForOriginationEnd = null;
|
||||
}
|
||||
Date keyValidityForConsumptionEnd =
|
||||
keyCharacteristics.getDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME);
|
||||
if ((keyValidityForConsumptionEnd != null)
|
||||
&& (keyValidityForConsumptionEnd.getTime() == Long.MAX_VALUE)) {
|
||||
keyValidityForConsumptionEnd = null;
|
||||
}
|
||||
boolean userAuthenticationRequired =
|
||||
!keyCharacteristics.getBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
|
||||
int userAuthenticationValidityDurationSeconds =
|
||||
|
||||
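Review bot: Keys whose characteristics already hold the old defaults will now be reported with those defaults as real validity dates. The checks that mapped `getTime() <= 0` and `getTime() == Long.MAX_VALUE` to null appear to be dropped here, since the hunk shrinks from 21 to 10 lines. The other sections show the previous code always writing `new Date(0)` and `new Date(Long.MAX_VALUE)` when the spec had no date, so any key generated or imported before this change would carry them. Unless such keys cannot exist on shipped builds, I would keep the mapping on the read path, e.g. `if ((keyValidityStart != null) && (keyValidityStart.getTime() <= 0)) { keyValidityStart = null; }` and the equivalent for the two end dates, with a comment that it covers legacy keys. The enclosing method starts and ends outside the hunk.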
@@ -435,17 +435,12 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
|
||||
KeymasterUtils.addUserAuthArgs(importArgs,
|
||||
spec.isUserAuthenticationRequired(),
|
||||
spec.getUserAuthenticationValidityDurationSeconds());
|
||||
importArgs.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
|
||||
(spec.getKeyValidityStart() != null)
|
||||
? spec.getKeyValidityStart() : new Date(0));
|
||||
importArgs.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
(spec.getKeyValidityForOriginationEnd() != null)
|
||||
? spec.getKeyValidityForOriginationEnd()
|
||||
: new Date(Long.MAX_VALUE));
|
||||
importArgs.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
(spec.getKeyValidityForConsumptionEnd() != null)
|
||||
? spec.getKeyValidityForConsumptionEnd()
|
||||
: new Date(Long.MAX_VALUE));
|
||||
importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
|
||||
spec.getKeyValidityStart());
|
||||
importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
spec.getKeyValidityForOriginationEnd());
|
||||
importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
spec.getKeyValidityForConsumptionEnd());
|
||||
} catch (IllegalArgumentException e) {
|
||||
throw new KeyStoreException("Invalid parameter", e);
|
||||
}
|
||||
@@ -646,15 +641,11 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
|
||||
KeymasterUtils.addUserAuthArgs(args,
|
||||
params.isUserAuthenticationRequired(),
|
||||
params.getUserAuthenticationValidityDurationSeconds());
|
||||
args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
|
||||
(params.getKeyValidityStart() != null)
|
||||
? params.getKeyValidityStart() : new Date(0));
|
||||
args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
(params.getKeyValidityForOriginationEnd() != null)
|
||||
? params.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
(params.getKeyValidityForConsumptionEnd() != null)
|
||||
? params.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart());
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
params.getKeyValidityForOriginationEnd());
|
||||
args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
params.getKeyValidityForConsumptionEnd());
|
||||
|
||||
if (((purposes & KeyProperties.PURPOSE_ENCRYPT) != 0)
|
||||
&& (!params.isRandomizedEncryptionRequired())) {
|
||||
|
||||