diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index d9d2eea3536e5..a7d0cb84f848b 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -764,8 +764,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu private @KeyProperties.BlockModeEnum String[] mBlockModes; private boolean mRandomizedEncryptionRequired = true; private boolean mUserAuthenticationRequired; - private int mUserAuthenticationValidityDurationSeconds = -1; - private @KeyProperties.AuthEnum int mUserAuthenticationType; + private int mUserAuthenticationValidityDurationSeconds = 0; + private @KeyProperties.AuthEnum int mUserAuthenticationType = + KeyProperties.AUTH_BIOMETRIC_STRONG; private boolean mUserPresenceRequired = false; private byte[] mAttestationChallenge = null; private boolean mUniqueIdIncluded = false; @@ -1240,7 +1241,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu if (seconds == -1) { return setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG); } - return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_BIOMETRIC_STRONG); + return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_DEVICE_CREDENTIAL + | KeyProperties.AUTH_BIOMETRIC_STRONG); } /** diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 8120a93e30e92..2e793dea3e05d 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -562,8 +562,9 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { private @KeyProperties.BlockModeEnum String[] mBlockModes; private boolean mRandomizedEncryptionRequired = true; private boolean mUserAuthenticationRequired; - private @KeyProperties.AuthEnum int mUserAuthenticationType; - private int mUserAuthenticationValidityDurationSeconds = -1; + private int mUserAuthenticationValidityDurationSeconds = 0; + private @KeyProperties.AuthEnum int mUserAuthenticationType = + KeyProperties.AUTH_BIOMETRIC_STRONG; private boolean mUserPresenceRequired = false; private boolean mUserAuthenticationValidWhileOnBody; private boolean mInvalidatedByBiometricEnrollment = true; @@ -870,7 +871,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { if (seconds == -1) { return setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG); } - return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_BIOMETRIC_STRONG); + return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_DEVICE_CREDENTIAL + | KeyProperties.AUTH_BIOMETRIC_STRONG); } /** diff --git a/keystore/java/android/security/keystore/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java index 4ead253f3eea5..bc933ff13825f 100644 --- a/keystore/java/android/security/keystore/KeymasterUtils.java +++ b/keystore/java/android/security/keystore/KeymasterUtils.java @@ -165,8 +165,7 @@ public abstract class KeymasterUtils { } args.addUnsignedLong(KeymasterDefs.KM_TAG_USER_SECURE_ID, KeymasterArguments.toUint64(sid)); - args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, - KeymasterDefs.HW_AUTH_PASSWORD | KeymasterDefs.HW_AUTH_BIOMETRIC); + args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, spec.getUserAuthenticationType()); args.addUnsignedInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, spec.getUserAuthenticationValidityDurationSeconds()); if (spec.isUserAuthenticationValidWhileOnBody()) {