From 3c1830bd7f85f35fe216b8bc5bc7f515b8f6d777 Mon Sep 17 00:00:00 2001 From: Shawn Willden Date: Tue, 27 Mar 2018 16:10:37 -0600 Subject: [PATCH] Rename trustedUserPresenceRequired. The existing name is misleading, because it can be read as requiring that a trusted user be present, rather than the intended meaning of requiring trusted proof of user presence. Since this is all about TEE/SE-based keys, the "trusted" part is implied, so the simple "userPresenceRequired" name makes more sense. Bug: 77151288 Test: Keystore CTS tests Change-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b --- api/current.txt | 8 ++++---- .../keystore/KeyGenParameterSpec.java | 20 +++++++++---------- .../security/keystore/KeyProtection.java | 18 ++++++++--------- .../security/keystore/KeymasterUtils.java | 2 +- .../ParcelableKeyGenParameterSpec.java | 4 ++-- .../security/keystore/UserAuthArgs.java | 3 +-- 6 files changed, 27 insertions(+), 28 deletions(-) diff --git a/api/current.txt b/api/current.txt index e2ba28af16780..960c61f7f24bc 100644 --- a/api/current.txt +++ b/api/current.txt @@ -38578,11 +38578,11 @@ package android.security.keystore { method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isRandomizedEncryptionRequired(); method public boolean isStrongBoxBacked(); - method public boolean isTrustedUserPresenceRequired(); method public boolean isUnlockedDeviceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationValidWhileOnBody(); method public boolean isUserConfirmationRequired(); + method public boolean isUserPresenceRequired(); } public static final class KeyGenParameterSpec.Builder { @@ -38606,12 +38606,12 @@ package android.security.keystore { method public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date); method public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...); - method public android.security.keystore.KeyGenParameterSpec.Builder setTrustedUserPresenceRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean); method public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(int); method public android.security.keystore.KeyGenParameterSpec.Builder setUserConfirmationRequired(boolean); + method public android.security.keystore.KeyGenParameterSpec.Builder setUserPresenceRequired(boolean); } public class KeyInfo implements java.security.spec.KeySpec { @@ -38699,11 +38699,11 @@ package android.security.keystore { method public boolean isDigestsSpecified(); method public boolean isInvalidatedByBiometricEnrollment(); method public boolean isRandomizedEncryptionRequired(); - method public boolean isTrustedUserPresenceRequired(); method public boolean isUnlockedDeviceRequired(); method public boolean isUserAuthenticationRequired(); method public boolean isUserAuthenticationValidWhileOnBody(); method public boolean isUserConfirmationRequired(); + method public boolean isUserPresenceRequired(); } public static final class KeyProtection.Builder { @@ -38719,12 +38719,12 @@ package android.security.keystore { method public android.security.keystore.KeyProtection.Builder setKeyValidityStart(java.util.Date); method public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean); method public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...); - method public android.security.keystore.KeyProtection.Builder setTrustedUserPresenceRequired(boolean); method public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean); method public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean); method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean); method public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(int); method public android.security.keystore.KeyProtection.Builder setUserConfirmationRequired(boolean); + method public android.security.keystore.KeyProtection.Builder setUserPresenceRequired(boolean); } public class StrongBoxUnavailableException extends java.security.ProviderException { diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index c342acdf101ed..f7bda3e46cf5a 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -259,7 +259,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu private final boolean mRandomizedEncryptionRequired; private final boolean mUserAuthenticationRequired; private final int mUserAuthenticationValidityDurationSeconds; - private final boolean mTrustedUserPresenceRequred; + private final boolean mUserPresenceRequired; private final byte[] mAttestationChallenge; private final boolean mUniqueIdIncluded; private final boolean mUserAuthenticationValidWhileOnBody; @@ -291,7 +291,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu boolean randomizedEncryptionRequired, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, - boolean trustedUserPresenceRequired, + boolean userPresenceRequired, byte[] attestationChallenge, boolean uniqueIdIncluded, boolean userAuthenticationValidWhileOnBody, @@ -339,7 +339,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes)); mRandomizedEncryptionRequired = randomizedEncryptionRequired; mUserAuthenticationRequired = userAuthenticationRequired; - mTrustedUserPresenceRequred = trustedUserPresenceRequired; + mUserPresenceRequired = userPresenceRequired; mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds; mAttestationChallenge = Utils.cloneIfNotNull(attestationChallenge); mUniqueIdIncluded = uniqueIdIncluded; @@ -595,8 +595,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu * Returns {@code true} if the key is authorized to be used only if a test of user presence has * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls. */ - public boolean isTrustedUserPresenceRequired() { - return mTrustedUserPresenceRequred; + public boolean isUserPresenceRequired() { + return mUserPresenceRequired; } /** @@ -712,7 +712,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu private boolean mRandomizedEncryptionRequired = true; private boolean mUserAuthenticationRequired; private int mUserAuthenticationValidityDurationSeconds = -1; - private boolean mTrustedUserPresenceRequired = false; + private boolean mUserPresenceRequired = false; private byte[] mAttestationChallenge = null; private boolean mUniqueIdIncluded = false; private boolean mUserAuthenticationValidWhileOnBody; @@ -775,7 +775,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu mUserAuthenticationRequired = sourceSpec.isUserAuthenticationRequired(); mUserAuthenticationValidityDurationSeconds = sourceSpec.getUserAuthenticationValidityDurationSeconds(); - mTrustedUserPresenceRequired = sourceSpec.isTrustedUserPresenceRequired(); + mUserPresenceRequired = sourceSpec.isUserPresenceRequired(); mAttestationChallenge = sourceSpec.getAttestationChallenge(); mUniqueIdIncluded = sourceSpec.isUniqueIdIncluded(); mUserAuthenticationValidWhileOnBody = sourceSpec.isUserAuthenticationValidWhileOnBody(); @@ -1180,8 +1180,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu * {@code Signature.initSign()} and {@code Signature.sign()} method calls. */ @NonNull - public Builder setTrustedUserPresenceRequired(boolean required) { - mTrustedUserPresenceRequired = required; + public Builder setUserPresenceRequired(boolean required) { + mUserPresenceRequired = required; return this; } @@ -1324,7 +1324,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu mRandomizedEncryptionRequired, mUserAuthenticationRequired, mUserAuthenticationValidityDurationSeconds, - mTrustedUserPresenceRequired, + mUserPresenceRequired, mAttestationChallenge, mUniqueIdIncluded, mUserAuthenticationValidWhileOnBody, diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 22568ce7a596a..5174890b3fd2c 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -224,7 +224,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { private final boolean mRandomizedEncryptionRequired; private final boolean mUserAuthenticationRequired; private final int mUserAuthenticationValidityDurationSeconds; - private final boolean mTrustedUserPresenceRequired; + private final boolean mUserPresenceRequred; private final boolean mUserAuthenticationValidWhileOnBody; private final boolean mInvalidatedByBiometricEnrollment; private final long mBoundToSecureUserId; @@ -244,7 +244,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { boolean randomizedEncryptionRequired, boolean userAuthenticationRequired, int userAuthenticationValidityDurationSeconds, - boolean trustedUserPresenceRequired, + boolean userPresenceRequred, boolean userAuthenticationValidWhileOnBody, boolean invalidatedByBiometricEnrollment, long boundToSecureUserId, @@ -264,7 +264,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { mRandomizedEncryptionRequired = randomizedEncryptionRequired; mUserAuthenticationRequired = userAuthenticationRequired; mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds; - mTrustedUserPresenceRequired = trustedUserPresenceRequired; + mUserPresenceRequred = userPresenceRequred; mUserAuthenticationValidWhileOnBody = userAuthenticationValidWhileOnBody; mInvalidatedByBiometricEnrollment = invalidatedByBiometricEnrollment; mBoundToSecureUserId = boundToSecureUserId; @@ -446,8 +446,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { * Returns {@code true} if the key is authorized to be used only if a test of user presence has * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls. */ - public boolean isTrustedUserPresenceRequired() { - return mTrustedUserPresenceRequired; + public boolean isUserPresenceRequired() { + return mUserPresenceRequred; } /** @@ -532,7 +532,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { private boolean mRandomizedEncryptionRequired = true; private boolean mUserAuthenticationRequired; private int mUserAuthenticationValidityDurationSeconds = -1; - private boolean mTrustedUserPresenceRequired = false; + private boolean mUserPresenceRequired = false; private boolean mUserAuthenticationValidWhileOnBody; private boolean mInvalidatedByBiometricEnrollment = true; private boolean mUserConfirmationRequired; @@ -841,8 +841,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { * {@code Signature.initSign()} and {@code Signature.sign()} method calls. */ @NonNull - public Builder setTrustedUserPresenceRequired(boolean required) { - mTrustedUserPresenceRequired = required; + public Builder setUserPresenceRequired(boolean required) { + mUserPresenceRequired = required; return this; } @@ -958,7 +958,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { mRandomizedEncryptionRequired, mUserAuthenticationRequired, mUserAuthenticationValidityDurationSeconds, - mTrustedUserPresenceRequired, + mUserPresenceRequired, mUserAuthenticationValidWhileOnBody, mInvalidatedByBiometricEnrollment, mBoundToSecureUserId, diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java index 14a9970c66d46..f829bb7cfeedd 100644 --- a/keystore/java/android/security/keystore/KeymasterUtils.java +++ b/keystore/java/android/security/keystore/KeymasterUtils.java @@ -106,7 +106,7 @@ public abstract class KeymasterUtils { args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_CONFIRMATION_REQUIRED); } - if (spec.isTrustedUserPresenceRequired()) { + if (spec.isUserPresenceRequired()) { args.addBoolean(KeymasterDefs.KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED); } diff --git a/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java b/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java index e5fdea78fffab..911bbf8c4eb55 100644 --- a/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java @@ -101,7 +101,7 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable { out.writeBoolean(mSpec.isUniqueIdIncluded()); out.writeBoolean(mSpec.isUserAuthenticationValidWhileOnBody()); out.writeBoolean(mSpec.isInvalidatedByBiometricEnrollment()); - out.writeBoolean(mSpec.isTrustedUserPresenceRequired()); + out.writeBoolean(mSpec.isUserPresenceRequired()); } private static Date readDateOrNull(Parcel in) { @@ -165,7 +165,7 @@ public final class ParcelableKeyGenParameterSpec implements Parcelable { builder.setUniqueIdIncluded(in.readBoolean()); builder.setUserAuthenticationValidWhileOnBody(in.readBoolean()); builder.setInvalidatedByBiometricEnrollment(in.readBoolean()); - builder.setTrustedUserPresenceRequired(in.readBoolean()); + builder.setUserPresenceRequired(in.readBoolean()); mSpec = builder.build(); } diff --git a/keystore/java/android/security/keystore/UserAuthArgs.java b/keystore/java/android/security/keystore/UserAuthArgs.java index ad18ff8aef767..69520606f1016 100644 --- a/keystore/java/android/security/keystore/UserAuthArgs.java +++ b/keystore/java/android/security/keystore/UserAuthArgs.java @@ -32,7 +32,6 @@ public interface UserAuthArgs { boolean isInvalidatedByBiometricEnrollment(); boolean isUserConfirmationRequired(); long getBoundToSpecificSecureUserId(); - boolean isTrustedUserPresenceRequired(); + boolean isUserPresenceRequired(); boolean isUnlockedDeviceRequired(); - }