Merge "Remove deprecated generateAndStoreKey method implementation" into pi-dev

Dmitry Dementyev
2018-03-30 16:44:53 +00:00
committed by Android (Google) Code Review
9 changed files with 13 additions and 104 deletions


@@ -443,16 +443,7 @@ public class RecoveryController {
*/
public byte[] generateAndStoreKey(@NonNull String alias)
throws InternalRecoveryServiceException, LockScreenRequiredException {
try {
return mBinder.generateAndStoreKey(alias);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (ServiceSpecificException e) {
if (e.errorCode == ERROR_INSECURE_USER) {
throw new LockScreenRequiredException(e.getMessage());
}
throw wrapUnexpectedServiceSpecificException(e);
}
throw new UnsupportedOperationException();
}
/**
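Review bot: The new stub `throw new UnsupportedOperationException();` carries no message, while the matching stub in the other RecoveryController section (`generateAndStoreKey(alias, account)`) says "Operation is not supported, use generateKey". Use the same text here, `throw new UnsupportedOperationException("Operation is not supported, use generateKey");`, so a caller that hits this at runtime learns the replacement. Both stubs still declare `throws InternalRecoveryServiceException, LockScreenRequiredException`, and the second keeps `@RequiresPermission`, although neither exception can occur any more. The Javadoc should state that, for example `@throws UnsupportedOperationException always; use generateKey`, together with `@deprecated`. The Javadoc starts above the hunk, so whether it already carries `@deprecated` cannot be seen from here.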


@@ -78,23 +78,8 @@ public final class KeyChainSnapshot implements Parcelable {
private byte[] mEncryptedRecoveryKeyBlob;
/**
* @hide
* Deprecated, consider using builder.
* Use builder to create an instance of the class.
*/
public KeyChainSnapshot(
int snapshotVersion,
@NonNull List<KeyChainProtectionParams> keyChainProtectionParams,
@NonNull List<WrappedApplicationKey> wrappedApplicationKeys,
@NonNull byte[] encryptedRecoveryKeyBlob) {
mSnapshotVersion = snapshotVersion;
mKeyChainProtectionParams =
Preconditions.checkCollectionElementsNotNull(keyChainProtectionParams,
"KeyChainProtectionParams");
mEntryRecoveryData = Preconditions.checkCollectionElementsNotNull(wrappedApplicationKeys,
"wrappedApplicationKeys");
mEncryptedRecoveryKeyBlob = Preconditions.checkNotNull(encryptedRecoveryKeyBlob);
}
private KeyChainSnapshot() {
}
@@ -108,7 +93,7 @@ public final class KeyChainSnapshot implements Parcelable {
}
/**
* Number of user secret guesses allowed during Keychain recovery.
* Number of user secret guesses allowed during KeyChain recovery.
*/
public int getMaxAttempts() {
return mMaxAttempts;
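Review bot: With the public constructor removed, the null checks it applied (`Preconditions.checkCollectionElementsNotNull` on both lists and `Preconditions.checkNotNull(encryptedRecoveryKeyBlob)`) no longer appear anywhere in this section. The Builder lies outside the hunks, so confirm that its build step enforces the same checks before returning the instance; otherwise a snapshot with a null recovery key blob or null list entries could be constructed. The retained comment block now appears to sit on the private no-arg constructor, where `@hide` has no effect; a plain `// Instances are created through the Builder.` would be clearer.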


@@ -106,7 +106,7 @@ public final class KeyDerivationParams implements Parcelable {
/**
* @hide
*/
KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt,
private KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt,
int memoryDifficulty) {
mAlgorithm = algorithm;
mSalt = Preconditions.checkNotNull(salt);


@@ -577,16 +577,7 @@ public class RecoveryController {
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public byte[] generateAndStoreKey(@NonNull String alias, byte[] account)
throws InternalRecoveryServiceException, LockScreenRequiredException {
try {
return mBinder.generateAndStoreKey(alias);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
} catch (ServiceSpecificException e) {
if (e.errorCode == ERROR_INSECURE_USER) {
throw new LockScreenRequiredException(e.getMessage());
}
throw wrapUnexpectedServiceSpecificException(e);
}
throw new UnsupportedOperationException("Operation is not supported, use generateKey");
}
/**


@@ -157,8 +157,8 @@ public class RecoverySession implements AutoCloseable {
* @param vaultChallenge Data passed from server for this recovery session and used to prevent
* replay attacks.
* @param secrets Secrets provided by user, the method only uses type and secret fields.
* @return The recovery claim. Claim provides a b binary blob with recovery claim. It is
* encrypted with verifierPublicKey and contains a proof of user secrets, session symmetric
* @return The binary blob with recovery claim. It is encrypted with verifierPublicKey
* and contains a proof of user secrets possession, session symmetric
* key and parameters necessary to identify the counter with the number of failed recovery
* attempts.
* @throws CertificateException if the {@code verifierCertPath} is invalid.
@@ -228,7 +228,8 @@ public class RecoverySession implements AutoCloseable {
*
* @param recoveryKeyBlob Recovery blob encrypted by symmetric key generated for this session.
* @param applicationKeys Application keys. Key material can be decrypted using recoveryKeyBlob
* and session.
* and session key generated by {@link #start}.
* @return {@code Map} from recovered keys aliases to their references.
* @throws SessionExpiredException if {@code session} has since been closed.
* @throws DecryptionFailedException if unable to decrypt the snapshot.
* @throws InternalRecoveryServiceException if an error occurs internal to the recovery service.
@@ -288,8 +289,7 @@ public class RecoverySession implements AutoCloseable {
}
/**
* Deletes all data associated with {@code session}. Should not be invoked directly but via
* {@link RecoverySession#close()}.
* Deletes all data associated with {@code session}.
*/
@RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@Override


@@ -61,7 +61,6 @@ interface ILockSettings {
void initRecoveryServiceWithSigFile(in String rootCertificateAlias,
in byte[] recoveryServiceCertFile, in byte[] recoveryServiceSigFile);
KeyChainSnapshot getKeyChainSnapshot();
byte[] generateAndStoreKey(String alias);
String generateKey(String alias);
String importKey(String alias, in byte[] keyBytes);
String getKey(String alias);


@@ -2078,11 +2078,6 @@ public class LockSettingsService extends ILockSettings.Stub {
mRecoverableKeyStoreManager.removeKey(alias);
}
@Override
public byte[] generateAndStoreKey(@NonNull String alias) throws RemoteException {
return mRecoverableKeyStoreManager.generateAndStoreKey(alias);
}
@Override
public @Nullable String generateKey(@NonNull String alias) throws RemoteException {
return mRecoverableKeyStoreManager.generateKey(alias);


@@ -671,40 +671,6 @@ public class RecoverableKeyStoreManager {
return mApplicationKeyStorage.getGrantAlias(userId, uid, alias);
}
/**
* Deprecated
* Generates a key named {@code alias} in the recoverable store for the calling uid. Then
* returns the raw key material.
*
* <p>TODO: Once AndroidKeyStore has added move api, do not return raw bytes.
*
* @deprecated
* @hide
*/
public byte[] generateAndStoreKey(@NonNull String alias) throws RemoteException {
checkRecoverKeyStorePermission();
int uid = Binder.getCallingUid();
int userId = UserHandle.getCallingUserId();
PlatformEncryptionKey encryptionKey;
try {
encryptionKey = mPlatformKeyManager.getEncryptKey(userId);
} catch (NoSuchAlgorithmException e) {
// Impossible: all algorithms must be supported by AOSP
throw new RuntimeException(e);
} catch (KeyStoreException | UnrecoverableKeyException e) {
throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
} catch (InsecureUserException e) {
throw new ServiceSpecificException(ERROR_INSECURE_USER, e.getMessage());
}
try {
return mRecoverableKeyGenerator.generateAndStoreKey(encryptionKey, userId, uid, alias);
} catch (KeyStoreException | InvalidKeyException | RecoverableKeyStorageException e) {
throw new ServiceSpecificException(ERROR_SERVICE_INTERNAL_ERROR, e.getMessage());
}
}
/**
* Destroys the session with the given {@code sessionId}.
*/


@@ -210,24 +210,6 @@ public class RecoverableKeyStoreManagerTest {
mDatabaseFile.delete();
}
@Test
public void generateAndStoreKey_storesTheKey() throws Exception {
int uid = Binder.getCallingUid();
int userId = UserHandle.getCallingUserId();
mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
assertThat(mRecoverableKeyStoreDb.getKey(uid, TEST_ALIAS)).isNotNull();
assertThat(mRecoverableKeyStoreDb.getShouldCreateSnapshot(userId, uid)).isTrue();
}
@Test
public void generateAndStoreKey_returnsAKeyOfAppropriateSize() throws Exception {
assertThat(mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS))
.hasLength(RECOVERABLE_KEY_SIZE_BYTES);
}
@Test
public void importKey_storesTheKey() throws Exception {
int uid = Binder.getCallingUid();
@@ -265,7 +247,7 @@ public class RecoverableKeyStoreManagerTest {
@Test
public void removeKey_removesAKey() throws Exception {
int uid = Binder.getCallingUid();
mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
mRecoverableKeyStoreManager.generateKey(TEST_ALIAS);
mRecoverableKeyStoreManager.removeKey(TEST_ALIAS);
@@ -276,7 +258,7 @@ public class RecoverableKeyStoreManagerTest {
public void removeKey_updatesShouldCreateSnapshot() throws Exception {
int uid = Binder.getCallingUid();
int userId = UserHandle.getCallingUserId();
mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
mRecoverableKeyStoreManager.generateKey(TEST_ALIAS);
// Pretend that key was synced
mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
@@ -1056,7 +1038,7 @@ public class RecoverableKeyStoreManagerTest {
int userId = UserHandle.getCallingUserId();
mRecoverableKeyStoreManager.setRecoverySecretTypes(new int[] { 1 });
mRecoverableKeyStoreManager.generateAndStoreKey(TEST_ALIAS);
mRecoverableKeyStoreManager.generateKey(TEST_ALIAS);
// Pretend that key was synced
mRecoverableKeyStoreDb.setShouldCreateSnapshot(userId, uid, false);
mRecoverableKeyStoreManager.setRecoverySecretTypes(new int[] { 2 });