From be10891cab6ef8942cdeb6fd36920804199161a5 Mon Sep 17 00:00:00 2001 From: Allen Webb Date: Thu, 29 Mar 2018 09:50:45 -0700 Subject: [PATCH] keystore: Change superclass of UserPresenceUnavailableException. Also add additional comments to isTrustedUserPresenceRequired(). Test: m -j KeystoreTests && adb install -r out/target/product/${TARGET_PRODUCT}/data/app/KeystoreTests/KeystoreTests.apk adb shell am instrument Bug: 73392697 Bug: 76462141 Change-Id: Iabcc331adda53e2a5cad5ead6002dfbc29188da2 Signed-off-by: Allen Webb --- api/current.txt | 2 +- keystore/java/android/security/keystore/KeyProtection.java | 3 +++ .../security/keystore/UserPresenceUnavailableException.java | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/api/current.txt b/api/current.txt index d0eee5c1a438c..5471a5614bf52 100644 --- a/api/current.txt +++ b/api/current.txt @@ -38717,7 +38717,7 @@ package android.security.keystore { ctor public UserNotAuthenticatedException(java.lang.String, java.lang.Throwable); } - public class UserPresenceUnavailableException extends java.security.InvalidAlgorithmParameterException { + public class UserPresenceUnavailableException extends java.security.InvalidKeyException { ctor public UserPresenceUnavailableException(); ctor public UserPresenceUnavailableException(java.lang.String); ctor public UserPresenceUnavailableException(java.lang.String, java.lang.Throwable); diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index cc7870ce1889d..181a46aafcb50 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -445,6 +445,9 @@ public final class KeyProtection implements ProtectionParameter, UserAuthArgs { /** * Returns {@code true} if the key is authorized to be used only if a test of user presence has * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls. + * It requires that the KeyStore implementation have a direct way to validate the user presence + * for example a KeyStore hardware backed strongbox can use a button press that is observable + * in hardware. */ public boolean isTrustedUserPresenceRequired() { return mTrustedUserPresenceRequired; diff --git a/keystore/java/android/security/keystore/UserPresenceUnavailableException.java b/keystore/java/android/security/keystore/UserPresenceUnavailableException.java index cf4099efc6695..1b053a5c857ea 100644 --- a/keystore/java/android/security/keystore/UserPresenceUnavailableException.java +++ b/keystore/java/android/security/keystore/UserPresenceUnavailableException.java @@ -16,13 +16,13 @@ package android.security.keystore; -import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; /** * Indicates the condition that a proof of user-presence was * requested but this proof was not presented. */ -public class UserPresenceUnavailableException extends InvalidAlgorithmParameterException { +public class UserPresenceUnavailableException extends InvalidKeyException { /** * Constructs a {@code UserPresenceUnavailableException} without a detail message or cause. */