am 04047af6: Merge "Use Keymaster-friendly validity dates."
* commit '04047af628338aa7859ae1f24700e1e4e3ae63e7': Use Keymaster-friendly validity dates.
@@ -544,17 +544,15 @@ public class AndroidKeyStore extends KeyStoreSpi {
|
||||
args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
|
||||
params.getUserAuthenticationValidityDurationSeconds());
|
||||
}
|
||||
if (params.getKeyValidityStart() != null) {
|
||||
args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart());
|
||||
}
|
||||
if (params.getKeyValidityForOriginationEnd() != null) {
|
||||
args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
params.getKeyValidityForOriginationEnd());
|
||||
}
|
||||
if (params.getKeyValidityForConsumptionEnd() != null) {
|
||||
args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
params.getKeyValidityForConsumptionEnd());
|
||||
}
|
||||
args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
|
||||
(params.getKeyValidityStart() != null)
|
||||
? params.getKeyValidityStart() : new Date(0));
|
||||
args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
(params.getKeyValidityForOriginationEnd() != null)
|
||||
? params.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
(params.getKeyValidityForConsumptionEnd() != null)
|
||||
? params.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
|
||||
|
||||
// TODO: Remove this once keymaster does not require us to specify the size of imported key.
|
||||
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keyMaterial.length * 8);
|
||||
|
||||
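Review bot: The fallbacks `new Date(0)` and `new Date(Long.MAX_VALUE)` in the three new `args.addDate(...)` calls are bare sentinels with no comment or named constant. The same three statements are repeated in the KeyStoreKeyGeneratorSpi hunk, and KeyStoreSecretKeyFactorySpi decodes them with its own literals. If one site drifts, a key meant to have no validity restriction could be sent or reported with a different window, so I would put both values behind shared constants or a small helper next to `KeymasterUtils.getDate`, with a comment such as `// Validity tags are always sent; Date(0) / Date(Long.MAX_VALUE) mean "no restriction".` Caller-supplied dates are forwarded unchecked, so it is worth confirming how `addDate` treats a negative `getTime()`. The enclosing method starts and ends outside the hunk.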
@@ -23,6 +23,7 @@ import android.security.keymaster.KeymasterDefs;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.spec.AlgorithmParameterSpec;
|
||||
import java.util.Date;
|
||||
|
||||
import javax.crypto.KeyGeneratorSpi;
|
||||
import javax.crypto.SecretKey;
|
||||
@@ -144,17 +145,15 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
|
||||
args.addInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
|
||||
spec.getUserAuthenticationValidityDurationSeconds());
|
||||
}
|
||||
if (spec.getKeyValidityStart() != null) {
|
||||
args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, spec.getKeyValidityStart());
|
||||
}
|
||||
if (spec.getKeyValidityForOriginationEnd() != null) {
|
||||
args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
spec.getKeyValidityForOriginationEnd());
|
||||
}
|
||||
if (spec.getKeyValidityForConsumptionEnd() != null) {
|
||||
args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
spec.getKeyValidityForConsumptionEnd());
|
||||
}
|
||||
args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME,
|
||||
(spec.getKeyValidityStart() != null)
|
||||
? spec.getKeyValidityStart() : new Date(0));
|
||||
args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME,
|
||||
(spec.getKeyValidityForOriginationEnd() != null)
|
||||
? spec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE));
|
||||
args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME,
|
||||
(spec.getKeyValidityForConsumptionEnd() != null)
|
||||
? spec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
|
||||
|
||||
if (((purposes & KeyStoreKeyConstraints.Purpose.ENCRYPT) != 0)
|
||||
|| ((purposes & KeyStoreKeyConstraints.Purpose.DECRYPT) != 0)) {
|
||||
|
||||
@@ -22,6 +22,7 @@ import android.security.keymaster.KeymasterDefs;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.KeySpec;
|
||||
import java.util.Date;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
@@ -112,6 +113,24 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
|
||||
throw new InvalidKeySpecException("Unsupported key characteristic", e);
|
||||
}
|
||||
|
||||
Date keyValidityStart =
|
||||
KeymasterUtils.getDate(keyCharacteristics, KeymasterDefs.KM_TAG_ACTIVE_DATETIME);
|
||||
if ((keyValidityStart != null) && (keyValidityStart.getTime() <= 0)) {
|
||||
keyValidityStart = null;
|
||||
}
|
||||
Date keyValidityForOriginationEnd = KeymasterUtils.getDate(keyCharacteristics,
|
||||
KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME);
|
||||
if ((keyValidityForOriginationEnd != null)
|
||||
&& (keyValidityForOriginationEnd.getTime() == Long.MAX_VALUE)) {
|
||||
keyValidityForOriginationEnd = null;
|
||||
}
|
||||
Date keyValidityForConsumptionEnd = KeymasterUtils.getDate(keyCharacteristics,
|
||||
KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME);
|
||||
if ((keyValidityForConsumptionEnd != null)
|
||||
&& (keyValidityForConsumptionEnd.getTime() == Long.MAX_VALUE)) {
|
||||
keyValidityForConsumptionEnd = null;
|
||||
}
|
||||
|
||||
int swEnforcedUserAuthenticatorIds =
|
||||
keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, 0);
|
||||
int hwEnforcedUserAuthenticatorIds =
|
||||
@@ -126,11 +145,9 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
|
||||
return new KeyStoreKeySpec(entryAlias,
|
||||
origin,
|
||||
keySize,
|
||||
KeymasterUtils.getDate(keyCharacteristics, KeymasterDefs.KM_TAG_ACTIVE_DATETIME),
|
||||
KeymasterUtils.getDate(keyCharacteristics,
|
||||
KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME),
|
||||
KeymasterUtils.getDate(keyCharacteristics,
|
||||
KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME),
|
||||
keyValidityStart,
|
||||
keyValidityForOriginationEnd,
|
||||
keyValidityForConsumptionEnd,
|
||||
purposes,
|
||||
algorithm,
|
||||
padding,
|
||||
|
||||
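Review bot: The two expiry checks compare `getTime() == Long.MAX_VALUE` exactly while the start check accepts any `getTime() <= 0`, so the mapping back to null for the end dates only works if the stored value round-trips unchanged; whether the keymaster side preserves it is not visible here. None of the three blocks says why these values become null; a comment above the first one, such as `// Date(0) and Date(Long.MAX_VALUE) are the "no restriction" defaults written at import/generation; report them as unset`, would make the contract explicit. A start date at or before the epoch that the caller set deliberately will also read back as null, which deserves a mention in the same comment. The enclosing method starts and ends outside these hunks.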