From bf556ac636a39c1d0fe5451a921b88400dd1c695 Mon Sep 17 00:00:00 2001
From: Kenny Root
Date: Mon, 1 Apr 2013 15:10:22 -0700
Subject: [PATCH] Add API to query KeyChain algorithm support

Bug: 7095660
Change-Id: Ia87caaa33bc01b032130811833f0a3c4f75b62d4
---
 api/current.txt | 2 ++
 keystore/java/android/security/KeyChain.java | 24 ++++++++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/api/current.txt b/api/current.txt
index 31acb354cfdf5..865323d500f9c 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -20756,6 +20756,8 @@ package android.security {
 method public static android.content.Intent createInstallIntent();
 method public static java.security.cert.X509Certificate[] getCertificateChain(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
 method public static java.security.PrivateKey getPrivateKey(android.content.Context, java.lang.String) throws java.lang.InterruptedException, android.security.KeyChainException;
+ method public static boolean isBoundKeyType(java.lang.String);
+ method public static boolean isKeyTypeSupported(java.lang.String);
 field public static final java.lang.String ACTION_STORAGE_CHANGED = "android.security.STORAGE_CHANGED";
 field public static final java.lang.String EXTRA_CERTIFICATE = "CERT";
 field public static final java.lang.String EXTRA_NAME = "name";
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index d7119fff170fa..e077257843f60 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
@@ -356,6 +356,30 @@ public final class KeyChain {
 }
 }

+ /**
+ * Returns {@code true} if the current device's {@code KeyChain} supports a
+ * specific {@code PrivateKey} type indicated by {@code algorithm} (e.g.,
+ * "RSA").
+ */
+ public static boolean isKeyTypeSupported(String algorithm) {
+ return "RSA".equals(algorithm);
+ }
+
+ /**
+ * Returns {@code true} if the current device's {@code KeyChain} binds any
+ * {@code PrivateKey} of the given {@code algorithm} to the device once
+ * imported or generated. This can be used to tell if there is special
+ * hardware support that can be used to bind keys to the device in a way
+ * that makes it non-exportable.
+ */
+ public static boolean isBoundKeyType(String algorithm) {
+ if (!isKeyTypeSupported(algorithm)) {
+ return false;
+ }
+
+ return KeyStore.getInstance().isHardwareBacked();
+ }
+
 private static X509Certificate toCertificate(byte[] bytes) {
 if (bytes == null) {
 throw new IllegalArgumentException("bytes == null");
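Review bot: In `isBoundKeyType`, the answer for a supported algorithm comes from `KeyStore.getInstance().isHardwareBacked()`, which takes no algorithm argument, so the result is a device-wide flag rather than a per-algorithm or per-key one. That agrees with the Javadoc only while `isKeyTypeSupported` accepts nothing but "RSA"; if a second algorithm is added there, this method would report binding for it without checking that the hardware handles that key type. Callers will presumably use the return value to decide whether a key can be treated as non-exportable, so I would state the limit in the Javadoc, e.g. `@return {@code true} if {@code algorithm} is supported and the keystore reports hardware backing; this is a device capability, not a guarantee about any particular key`. Both Javadocs should also say that `null` and differently-cased names such as "rsa" return `false`, because `"RSA".equals(algorithm)` is an exact, case-sensitive match.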