Rename trustedUserPresenceRequired.
The existing name is misleading, because it can be read as requiring that a trusted user be present, rather than the intended meaning of requiring trusted proof of user presence. Since this is all about TEE/SE-based keys, the "trusted" part is implied, so the simple "userPresenceRequired" name makes more sense. Bug: 77151288 Test: Keystore CTS tests Change-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b
This commit is contained in:
Shawn Willden
@@ -38578,11 +38578,11 @@ package android.security.keystore {
|
||||
method public boolean isInvalidatedByBiometricEnrollment();
|
||||
method public boolean isRandomizedEncryptionRequired();
|
||||
method public boolean isStrongBoxBacked();
|
||||
method public boolean isTrustedUserPresenceRequired();
|
||||
method public boolean isUnlockedDeviceRequired();
|
||||
method public boolean isUserAuthenticationRequired();
|
||||
method public boolean isUserAuthenticationValidWhileOnBody();
|
||||
method public boolean isUserConfirmationRequired();
|
||||
method public boolean isUserPresenceRequired();
|
||||
}
|
||||
|
||||
public static final class KeyGenParameterSpec.Builder {
|
||||
@@ -38606,12 +38606,12 @@ package android.security.keystore {
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setTrustedUserPresenceRequired(boolean);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setUserConfirmationRequired(boolean);
|
||||
method public android.security.keystore.KeyGenParameterSpec.Builder setUserPresenceRequired(boolean);
|
||||
}
|
||||
|
||||
public class KeyInfo implements java.security.spec.KeySpec {
|
||||
@@ -38699,11 +38699,11 @@ package android.security.keystore {
|
||||
method public boolean isDigestsSpecified();
|
||||
method public boolean isInvalidatedByBiometricEnrollment();
|
||||
method public boolean isRandomizedEncryptionRequired();
|
||||
method public boolean isTrustedUserPresenceRequired();
|
||||
method public boolean isUnlockedDeviceRequired();
|
||||
method public boolean isUserAuthenticationRequired();
|
||||
method public boolean isUserAuthenticationValidWhileOnBody();
|
||||
method public boolean isUserConfirmationRequired();
|
||||
method public boolean isUserPresenceRequired();
|
||||
}
|
||||
|
||||
public static final class KeyProtection.Builder {
|
||||
@@ -38719,12 +38719,12 @@ package android.security.keystore {
|
||||
method public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date);
|
||||
method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
|
||||
method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
|
||||
method public android.security.keystore.KeyProtection.Builder setTrustedUserPresenceRequired(boolean);
|
||||
method public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean);
|
||||
method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
|
||||
method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
|
||||
method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int);
|
||||
method public android.security.keystore.KeyProtection.Builder setUserConfirmationRequired(boolean);
|
||||
method public android.security.keystore.KeyProtection.Builder setUserPresenceRequired(boolean);
|
||||
}
|
||||
|
||||
public class StrongBoxUnavailableException extends java.security.ProviderException {
|
||||
|
||||
@@ -259,7 +259,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
private final boolean mRandomizedEncryptionRequired;
|
||||
private final boolean mUserAuthenticationRequired;
|
||||
private final int mUserAuthenticationValidityDurationSeconds;
|
||||
private final boolean mTrustedUserPresenceRequred;
|
||||
private final boolean mUserPresenceRequired;
|
||||
private final byte[] mAttestationChallenge;
|
||||
private final boolean mUniqueIdIncluded;
|
||||
private final boolean mUserAuthenticationValidWhileOnBody;
|
||||
@@ -291,7 +291,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
boolean randomizedEncryptionRequired,
|
||||
boolean userAuthenticationRequired,
|
||||
int userAuthenticationValidityDurationSeconds,
|
||||
boolean trustedUserPresenceRequired,
|
||||
boolean userPresenceRequired,
|
||||
byte[] attestationChallenge,
|
||||
boolean uniqueIdIncluded,
|
||||
boolean userAuthenticationValidWhileOnBody,
|
||||
@@ -339,7 +339,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes));
|
||||
mRandomizedEncryptionRequired = randomizedEncryptionRequired;
|
||||
mUserAuthenticationRequired = userAuthenticationRequired;
|
||||
mTrustedUserPresenceRequred = trustedUserPresenceRequired;
|
||||
mUserPresenceRequired = userPresenceRequired;
|
||||
mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
|
||||
mAttestationChallenge = Utils.cloneIfNotNull(attestationChallenge);
|
||||
mUniqueIdIncluded = uniqueIdIncluded;
|
||||
@@ -595,8 +595,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
* Returns {@code true} if the key is authorized to be used only if a test of user presence has
|
||||
* been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls.
|
||||
*/
|
||||
public boolean isTrustedUserPresenceRequired() {
|
||||
return mTrustedUserPresenceRequred;
|
||||
public boolean isUserPresenceRequired() {
|
||||
return mUserPresenceRequired;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -712,7 +712,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
private boolean mRandomizedEncryptionRequired = true;
|
||||
private boolean mUserAuthenticationRequired;
|
||||
private int mUserAuthenticationValidityDurationSeconds = -1;
|
||||
private boolean mTrustedUserPresenceRequired = false;
|
||||
private boolean mUserPresenceRequired = false;
|
||||
private byte[] mAttestationChallenge = null;
|
||||
private boolean mUniqueIdIncluded = false;
|
||||
private boolean mUserAuthenticationValidWhileOnBody;
|
||||
@@ -775,7 +775,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
mUserAuthenticationRequired = sourceSpec.isUserAuthenticationRequired();
|
||||
mUserAuthenticationValidityDurationSeconds =
|
||||
sourceSpec.getUserAuthenticationValidityDurationSeconds();
|
||||
mTrustedUserPresenceRequired = sourceSpec.isTrustedUserPresenceRequired();
|
||||
mUserPresenceRequired = sourceSpec.isUserPresenceRequired();
|
||||
mAttestationChallenge = sourceSpec.getAttestationChallenge();
|
||||
mUniqueIdIncluded = sourceSpec.isUniqueIdIncluded();
|
||||
mUserAuthenticationValidWhileOnBody = sourceSpec.isUserAuthenticationValidWhileOnBody();
|
||||
@@ -1180,8 +1180,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
* {@code Signature.initSign()} and {@code Signature.sign()} method calls.
|
||||
*/
|
||||
@NonNull
|
||||
public Builder setTrustedUserPresenceRequired(boolean required) {
|
||||
mTrustedUserPresenceRequired = required;
|
||||
public Builder setUserPresenceRequired(boolean required) {
|
||||
mUserPresenceRequired = required;
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -1324,7 +1324,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
|
||||
mRandomizedEncryptionRequired,
|
||||
mUserAuthenticationRequired,
|
||||
mUserAuthenticationValidityDurationSeconds,
|
||||
mTrustedUserPresenceRequired,
|
||||
mUserPresenceRequired,
|
||||
mAttestationChallenge,
|
||||
mUniqueIdIncluded,
|
||||
mUserAuthenticationValidWhileOnBody,
|
||||
|
||||
@@ -224,7 +224,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
|
||||
private final boolean mRandomizedEncryptionRequired;
|
||||
private final boolean mUserAuthenticationRequired;
|
||||
private final int mUserAuthenticationValidityDurationSeconds;
|
||||
private final boolean mTrustedUserPresenceRequired;
|
||||
private final boolean mUserPresenceRequred;
|
||||
private final boolean mUserAuthenticationValidWhileOnBody;
|
||||
private final boolean mInvalidatedByBiometricEnrollment;
|
||||
private final long mBoundToSecureUserId;
|
||||
@@ -244,7 +244,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
|
||||
boolean randomizedEncryptionRequired,
|
||||
boolean userAuthenticationRequired,
|
||||
int userAuthenticationValidityDurationSeconds,
|
||||
boolean trustedUserPresenceRequired,
|
||||
boolean userPresenceRequred,
|
||||
boolean userAuthenticationValidWhileOnBody,
|
||||
boolean invalidatedByBiometricEnrollment,
|
||||
long boundToSecureUserId,
|
||||
@@ -264,7 +264,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
|
||||
mRandomizedEncryptionRequired = randomizedEncryptionRequired;
|
||||
mUserAuthenticationRequired = userAuthenticationRequired;
|
||||
mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
|
||||
mTrustedUserPresenceRequired = trustedUserPresenceRequired;
|
||||
mUserPresenceRequred = userPresenceRequred;
|
||||
mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody;
|
||||
mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment;
|
||||
mBoundToSecureUserId = boundToSecureUserId;
|
||||
@@ -446,8 +446,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
|
||||
* Returns {@code true} if the key is authorized to be used only if a test of user presence has
|
||||
* been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls.
|
||||
*/
|
||||
public boolean isTrustedUserPresenceRequired() {
|
||||
return mTrustedUserPresenceRequired;
|
||||
public boolean isUserPresenceRequired() {
|
||||
return mUserPresenceRequred;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -532,7 +532,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
|
||||
private boolean mRandomizedEncryptionRequired = true;
|
||||
private boolean mUserAuthenticationRequired;
|
||||
private int mUserAuthenticationValidityDurationSeconds = -1;
|
||||
private boolean mTrustedUserPresenceRequired = false;
|
||||
private boolean mUserPresenceRequired = false;
|
||||
private boolean mUserAuthenticationValidWhileOnBody;
|
||||
private boolean mInvalidatedByBiometricEnrollment = true;
|
||||
private boolean mUserConfirmationRequired;
|
||||
@@ -841,8 +841,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
|
||||
* {@code Signature.initSign()} and {@code Signature.sign()} method calls.
|
||||
*/
|
||||
@NonNull
|
||||
public Builder setTrustedUserPresenceRequired(boolean required) {
|
||||
mTrustedUserPresenceRequired = required;
|
||||
public Builder setUserPresenceRequired(boolean required) {
|
||||
mUserPresenceRequired = required;
|
||||
return this;
|
||||
}
|
||||
|
||||
@@ -958,7 +958,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
|
||||
mRandomizedEncryptionRequired,
|
||||
mUserAuthenticationRequired,
|
||||
mUserAuthenticationValidityDurationSeconds,
|
||||
mTrustedUserPresenceRequired,
|
||||
mUserPresenceRequired,
|
||||
mUserAuthenticationValidWhileOnBody,
|
||||
mInvalidatedByBiometricEnrollment,
|
||||
mBoundToSecureUserId,
|
||||
|
||||
@@ -106,7 +106,7 @@ public abstract class KeymasterUtils {
|
||||
args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_CONFIRMATION_REQUIRED);
|
||||
}
|
||||
|
||||
if (spec.isTrustedUserPresenceRequired()) {
|
||||
if (spec.isUserPresenceRequired()) {
|
||||
args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED);
|
||||
}
|
||||
|
||||
|
||||
@@ -101,7 +101,7 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable {
|
||||
out.writeBoolean(mSpec.isUniqueIdIncluded());
|
||||
out.writeBoolean(mSpec.isUserAuthenticationValidWhileOnBody());
|
||||
out.writeBoolean(mSpec.isInvalidatedByBiometricEnrollment());
|
||||
out.writeBoolean(mSpec.isTrustedUserPresenceRequired());
|
||||
out.writeBoolean(mSpec.isUserPresenceRequired());
|
||||
}
|
||||
|
||||
private static Date readDateOrNull(Parcel in) {
|
||||
@@ -165,7 +165,7 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable {
|
||||
builder.setUniqueIdIncluded(in.readBoolean());
|
||||
builder.setUserAuthenticationValidWhileOnBody(in.readBoolean());
|
||||
builder.setInvalidatedByBiometricEnrollment(in.readBoolean());
|
||||
builder.setTrustedUserPresenceRequired(in.readBoolean());
|
||||
builder.setUserPresenceRequired(in.readBoolean());
|
||||
mSpec = builder.build();
|
||||
}
|
||||
|
||||
|
||||
@@ -32,7 +32,6 @@ public interface UserAuthArgs {
|
||||
boolean isInvalidatedByBiometricEnrollment();
|
||||
boolean isUserConfirmationRequired();
|
||||
long getBoundToSpecificSecureUserId();
|
||||
boolean isTrustedUserPresenceRequired();
|
||||
boolean isUserPresenceRequired();
|
||||
boolean isUnlockedDeviceRequired();
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user