From 1c5ee613be6ac28877468d89272ad76bf03440c9 Mon Sep 17 00:00:00 2001 From: "Brian C. Young" Date: Tue, 10 Apr 2018 08:43:53 -0700 Subject: [PATCH] Allow CTS tests to access more from KeyProtection Add @TestApi to allow CTS tests to use that call. Encryption and decryption are reversed in some documentation. Test: CtsKeystoreTestCases Bug: 77596526 Change-Id: Ifaf8b3fa0e231eef256451a2514219fff1b16699 --- api/test-current.txt | 8 ++++++++ .../android/security/keystore/KeyGenParameterSpec.java | 4 ++-- .../java/android/security/keystore/KeyProtection.java | 7 +++++-- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/api/test-current.txt b/api/test-current.txt index 94154c2c92a90..a4f422bf47bb5 100644 --- a/api/test-current.txt +++ b/api/test-current.txt @@ -707,6 +707,14 @@ package android.security.keystore { field public static final int ID_TYPE_SERIAL = 1; // 0x1 } + public final class KeyProtection implements java.security.KeyStore.ProtectionParameter { + method public long getBoundToSpecificSecureUserId(); + } + + public static final class KeyProtection.Builder { + method public android.security.keystore.KeyProtection.Builder setBoundToSpecificSecureUserId(long); + } + } package android.service.autofill { diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index c0d0fb00b40f9..d95feb04cdddf 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -673,8 +673,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu } /** - * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or - * signing. Decryption and signature verification will still be available when the screen is + * Returns {@code true} if the screen must be unlocked for this key to be used for decryption or + * signing. Encryption and signature verification will still be available when the screen is * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 41dc2019c8f5e..92bee8dec8194 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -19,6 +19,7 @@ package android.security.keystore; import android.annotation.IntRange; import android.annotation.NonNull; import android.annotation.Nullable; +import android.annotation.TestApi; import android.app.KeyguardManager; import android.hardware.fingerprint.FingerprintManager; import android.security.GateKeeper; @@ -496,6 +497,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { * @see KeymasterUtils#addUserAuthArgs * @hide */ + @TestApi public long getBoundToSpecificSecureUserId() { return mBoundToSecureUserId; } @@ -511,8 +513,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { } /** - * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or - * signing. Decryption and signature verification will still be available when the screen is + * Returns {@code true} if the screen must be unlocked for this key to be used for decryption or + * signing. Encryption and signature verification will still be available when the screen is * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) @@ -913,6 +915,7 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { * @see KeyProtection#getBoundToSpecificSecureUserId() * @hide */ + @TestApi public Builder setBoundToSpecificSecureUserId(long secureUserId) { mBoundToSecureUserId = secureUserId; return this;