Fixing default behavior for keys requiring auth

The default timeout and authentication type are being updated to offer a
correct default that matches the old behavior.

Bug: 148425329
Bug: 149931201
Test: CtsVerifier
Test: atest KeyguardLockedTests

Change-Id: Id20097b04ce881e7028609d2ba1c30c26ba3c8cf
Max Bires
2020-03-11 01:53:59 -07:00
committed by Kevin Chyn
parent 3a68e2d0de
commit a811787a96
3 changed files with 11 additions and 8 deletions


@@ -764,8 +764,9 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
private @KeyProperties.BlockModeEnum String[] mBlockModes;
private boolean mRandomizedEncryptionRequired = true;
private boolean mUserAuthenticationRequired;
private int mUserAuthenticationValidityDurationSeconds = -1;
private @KeyProperties.AuthEnum int mUserAuthenticationType;
private int mUserAuthenticationValidityDurationSeconds = 0;
private @KeyProperties.AuthEnum int mUserAuthenticationType =
KeyProperties.AUTH_BIOMETRIC_STRONG;
private boolean mUserPresenceRequired = false;
private byte[] mAttestationChallenge = null;
private boolean mUniqueIdIncluded = false;
@@ -1240,7 +1241,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu
if (seconds == -1) {
return setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG);
}
return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_BIOMETRIC_STRONG);
return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_DEVICE_CREDENTIAL
| KeyProperties.AUTH_BIOMETRIC_STRONG);
}
/**
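Review bot: In the second hunk, which authenticators can unlock the key now depends only on `seconds`: `-1` yields strong biometric alone with a timeout of 0, any other value also admits the device credential, and no comment in the visible lines says so. Since this decides whether the device credential alone is enough to use the key, the rule belongs in the method's Javadoc, which along with the signature lies outside the hunk. It also belongs on the new field defaults, e.g. `// 0 with AUTH_BIOMETRIC_STRONG: same policy the -1 branch of the setter selects`. The same pair of defaults and the same branch are repeated in KeyProtection; a shared constant for the two values would keep the two classes from drifting apart.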


@@ -562,8 +562,9 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
private @KeyProperties.BlockModeEnum String[] mBlockModes;
private boolean mRandomizedEncryptionRequired = true;
private boolean mUserAuthenticationRequired;
private @KeyProperties.AuthEnum int mUserAuthenticationType;
private int mUserAuthenticationValidityDurationSeconds = -1;
private int mUserAuthenticationValidityDurationSeconds = 0;
private @KeyProperties.AuthEnum int mUserAuthenticationType =
KeyProperties.AUTH_BIOMETRIC_STRONG;
private boolean mUserPresenceRequired = false;
private boolean mUserAuthenticationValidWhileOnBody;
private boolean mInvalidatedByBiometricEnrollment = true;
@@ -870,7 +871,8 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs {
if (seconds == -1) {
return setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG);
}
return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_BIOMETRIC_STRONG);
return setUserAuthenticationParameters(seconds, KeyProperties.AUTH_DEVICE_CREDENTIAL
| KeyProperties.AUTH_BIOMETRIC_STRONG);
}
/**


@@ -165,8 +165,7 @@ public abstract class KeymasterUtils {
}
args.addUnsignedLong(KeymasterDefs.KM_TAG_USER_SECURE_ID,
KeymasterArguments.toUint64(sid));
args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE,
KeymasterDefs.HW_AUTH_PASSWORD | KeymasterDefs.HW_AUTH_BIOMETRIC);
args.addEnum(KeymasterDefs.KM_TAG_USER_AUTH_TYPE, spec.getUserAuthenticationType());
args.addUnsignedInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT,
spec.getUserAuthenticationValidityDurationSeconds());
if (spec.isUserAuthenticationValidWhileOnBody()) {
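Review bot: `spec.getUserAuthenticationType()` carries `KeyProperties.AUTH_*` flags, judging by the field initialisers in the other two files, yet it is written into `KM_TAG_USER_AUTH_TYPE` untranslated where the replaced line used `KeymasterDefs.HW_AUTH_*` constants. That is only correct while the two sets of bit flags are numerically identical, and the visible lines neither state nor check it; a value of 0 or an unknown bit from the spec would also reach keymaster as is. I would add a comment such as `// KeyProperties.AUTH_* flags are passed through as KeymasterDefs.HW_AUTH_* bits; the two must stay identical`, or mask the value against the known flags before `addEnum`. The enclosing method starts before and continues past this hunk, so an earlier check may already cover the zero case.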