From 9f49e8df2a6574460b26eb0d9c20111449623760 Mon Sep 17 00:00:00 2001
From: Kevin Chyn
Date: Thu, 5 Mar 2020 11:04:15 -0800
Subject: [PATCH] Do not allow -1 duration in setUserAuthenticationParameters

This is a completely new API so callers can follow the new pattern of using 0 to require auth for every use of the key. Supporting both -1 and 0 to require auth for every use of the key increases CtsVerifier complexity exponentially (strongbox, invalidated by enrollment, etc).

Fixes: 150823346
Test: builds
Change-Id: Ieef53a8b50f5119c5e52656e930bf16b1e8e3d89
---
 api/current.txt | 4 ++--
 .../security/keystore/KeyGenParameterSpec.java | 11 ++++-------
 .../java/android/security/keystore/KeyProtection.java | 11 ++++-------
 3 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/api/current.txt b/api/current.txt
index 2ec3bcc271562..4e07681150693 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -42783,7 +42783,7 @@ package android.security.keystore {
 method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
 method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
 method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean);
- method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationParameters(@IntRange(from=0xffffffff) int, int);
+ method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationParameters(@IntRange(from=0) int, int);
 method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationRequired(boolean);
 method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidWhileOnBody(boolean);
 method @Deprecated @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUserAuthenticationValidityDurationSeconds(@IntRange(from=0xffffffff) int);
@@ -42901,7 +42901,7 @@ package android.security.keystore {
 method @NonNull public android.security.keystore.KeyProtection.Builder setRandomizedEncryptionRequired(boolean);
 method @NonNull public android.security.keystore.KeyProtection.Builder setSignaturePaddings(java.lang.String...);
 method @NonNull public android.security.keystore.KeyProtection.Builder setUnlockedDeviceRequired(boolean);
- method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationParameters(@IntRange(from=0xffffffff) int, int);
+ method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationParameters(@IntRange(from=0) int, int);
 method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationRequired(boolean);
 method @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidWhileOnBody(boolean);
 method @Deprecated @NonNull public android.security.keystore.KeyProtection.Builder setUserAuthenticationValidityDurationSeconds(@IntRange(from=0xffffffff) int);
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index d683041fbfdcd..d9d2eea3536e5 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -1264,8 +1264,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
 * successfully.
 *
 * @param timeout duration in seconds or {@code 0} if user authentication must take place
- * for every use of the key. {@code -1} is also accepted for legacy purposes. It is
- * functionally the same as {@code 0}.
+ * for every use of the key.
 * @param type set of authentication types which can authorize use of the key. See
 * {@link KeyProperties}.{@code AUTH} flags.
 *
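Review bot: The `@param timeout` text of KeyGenParameterSpec.Builder#setUserAuthenticationParameters no longer says what happens for a negative value, and no `@throws` tag is visible in this hunk, although the method now rejects -1 at runtime. api/current.txt in this same commit still lists the deprecated `setUserAuthenticationValidityDurationSeconds` with `@IntRange(from=0xffffffff)`, so a caller carrying a -1 over from that setter gets an IllegalArgumentException that the documentation does not announce. I would add `@throws IllegalArgumentException if {@code timeout} is negative` and a clause on the parameter such as `Unlike {@link #setUserAuthenticationValidityDurationSeconds}, {@code -1} is not accepted.` The Javadoc lines between this hunk and the next are not shown, so an existing tag there cannot be ruled out; the KeyProtection.Builder Javadoc hunk needs the same wording.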
@@ -1275,12 +1274,10 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
 * @see KeyguardManager
 */
 @NonNull
- public Builder setUserAuthenticationParameters(@IntRange(from = -1) int timeout,
+ public Builder setUserAuthenticationParameters(@IntRange(from = 0) int timeout,
 @KeyProperties.AuthEnum int type) {
- if (timeout < -1) {
- throw new IllegalArgumentException("timeout must be -1 or larger");
- } else if (timeout == -1) {
- timeout = 0;
+ if (timeout < 0) {
+ throw new IllegalArgumentException("timeout must be 0 or larger");
 }
 mUserAuthenticationValidityDurationSeconds = timeout;
 mUserAuthenticationType = type;
diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java
index e230b7c3708bd..8120a93e30e92 100644
--- a/keystore/java/android/security/keystore/KeyProtection.java
+++ b/keystore/java/android/security/keystore/KeyProtection.java
@@ -894,8 +894,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
 * successfully.
 *
 * @param timeout duration in seconds or {@code 0} if user authentication must take place
- * for every use of the key. {@code -1} is also accepted for legacy purposes. It is
- * functionally the same as {@code 0}.
+ * for every use of the key.
 * @param type set of authentication types which can authorize use of the key. See
 * {@link KeyProperties}.{@code AUTH} flags.
 *
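Review bot: In KeyGenParameterSpec.Builder#setUserAuthenticationParameters only `timeout` is range-checked; `type` is assigned to `mUserAuthenticationType` exactly as passed, and `@KeyProperties.AuthEnum` is a lint-time annotation that enforces nothing at runtime. If an empty or unknown mask is not rejected later (in `build()` or by keystore, neither visible here), the key's authentication requirement could differ from what the caller intended, so I would fail early next to the timeout check, e.g. `if (type == 0) { throw new IllegalArgumentException("type must contain at least one AUTH flag"); }`. The KeyProtection.Builder code hunk has the same unchecked assignment. The method body continues past the end of the hunk.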
@@ -905,12 +904,10 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
 * @see KeyguardManager
 */
 @NonNull
- public Builder setUserAuthenticationParameters(@IntRange(from = -1) int timeout,
+ public Builder setUserAuthenticationParameters(@IntRange(from = 0) int timeout,
 @KeyProperties.AuthEnum int type) {
- if (timeout < -1) {
- throw new IllegalArgumentException("timeout must be -1 or larger");
- } else if (timeout == -1) {
- timeout = 0;
+ if (timeout < 0) {
+ throw new IllegalArgumentException("timeout must be 0 or larger");
 }
 mUserAuthenticationValidityDurationSeconds = timeout;
 mUserAuthenticationType = type;