am c5a142f8: Merge "Flatten KeyStoreKeyProperties constants." into mnc-dev

* commit 'c5a142f82b85aef4d740af4e8fefedf1cd0333fe':
  Flatten KeyStoreKeyProperties constants.
Alex Klyubin
2015-05-12 20:09:36 +00:00
committed by Android Git Automerger
13 changed files with 455 additions and 567 deletions


@@ -28455,59 +28455,38 @@ package android.security {
}
public abstract class KeyStoreKeyProperties {
}
public static abstract class KeyStoreKeyProperties.Algorithm {
field public static final java.lang.String AES = "AES";
field public static final java.lang.String EC = "EC";
field public static final java.lang.String HMAC_SHA1 = "HmacSHA1";
field public static final java.lang.String HMAC_SHA224 = "HmacSHA224";
field public static final java.lang.String HMAC_SHA256 = "HmacSHA256";
field public static final java.lang.String HMAC_SHA384 = "HmacSHA384";
field public static final java.lang.String HMAC_SHA512 = "HmacSHA512";
field public static final java.lang.String RSA = "RSA";
}
public static abstract class KeyStoreKeyProperties.BlockMode {
field public static final java.lang.String CBC = "CBC";
field public static final java.lang.String CTR = "CTR";
field public static final java.lang.String ECB = "ECB";
field public static final java.lang.String GCM = "GCM";
}
public static abstract class KeyStoreKeyProperties.Digest {
field public static final java.lang.String MD5 = "MD5";
field public static final java.lang.String NONE = "NONE";
field public static final java.lang.String SHA1 = "SHA-1";
field public static final java.lang.String SHA224 = "SHA-224";
field public static final java.lang.String SHA256 = "SHA-256";
field public static final java.lang.String SHA384 = "SHA-384";
field public static final java.lang.String SHA512 = "SHA-512";
}
public static abstract class KeyStoreKeyProperties.EncryptionPadding {
field public static final java.lang.String NONE = "NoPadding";
field public static final java.lang.String PKCS7 = "PKCS7Padding";
field public static final java.lang.String RSA_OAEP = "OAEPPadding";
field public static final java.lang.String RSA_PKCS1 = "PKCS1Padding";
}
public static abstract class KeyStoreKeyProperties.Origin {
field public static final int GENERATED = 1; // 0x1
field public static final int IMPORTED = 2; // 0x2
field public static final int UNKNOWN = 4; // 0x4
}
public static abstract class KeyStoreKeyProperties.Purpose {
field public static final int DECRYPT = 2; // 0x2
field public static final int ENCRYPT = 1; // 0x1
field public static final int SIGN = 4; // 0x4
field public static final int VERIFY = 8; // 0x8
}
public static abstract class KeyStoreKeyProperties.SignaturePadding {
field public static final java.lang.String RSA_PKCS1 = "PKCS1";
field public static final java.lang.String RSA_PSS = "PSS";
field public static final java.lang.String BLOCK_MODE_CBC = "CBC";
field public static final java.lang.String BLOCK_MODE_CTR = "CTR";
field public static final java.lang.String BLOCK_MODE_ECB = "ECB";
field public static final java.lang.String BLOCK_MODE_GCM = "GCM";
field public static final java.lang.String DIGEST_MD5 = "MD5";
field public static final java.lang.String DIGEST_NONE = "NONE";
field public static final java.lang.String DIGEST_SHA1 = "SHA-1";
field public static final java.lang.String DIGEST_SHA224 = "SHA-224";
field public static final java.lang.String DIGEST_SHA256 = "SHA-256";
field public static final java.lang.String DIGEST_SHA384 = "SHA-384";
field public static final java.lang.String DIGEST_SHA512 = "SHA-512";
field public static final java.lang.String ENCRYPTION_PADDING_NONE = "NoPadding";
field public static final java.lang.String ENCRYPTION_PADDING_PKCS7 = "PKCS7Padding";
field public static final java.lang.String ENCRYPTION_PADDING_RSA_OAEP = "OAEPPadding";
field public static final java.lang.String ENCRYPTION_PADDING_RSA_PKCS1 = "PKCS1Padding";
field public static final java.lang.String KEY_ALGORITHM_AES = "AES";
field public static final java.lang.String KEY_ALGORITHM_EC = "EC";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA1 = "HmacSHA1";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA224 = "HmacSHA224";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA256 = "HmacSHA256";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA384 = "HmacSHA384";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA512 = "HmacSHA512";
field public static final java.lang.String KEY_ALGORITHM_RSA = "RSA";
field public static final int ORIGIN_GENERATED = 1; // 0x1
field public static final int ORIGIN_IMPORTED = 2; // 0x2
field public static final int ORIGIN_UNKNOWN = 4; // 0x4
field public static final int PURPOSE_DECRYPT = 2; // 0x2
field public static final int PURPOSE_ENCRYPT = 1; // 0x1
field public static final int PURPOSE_SIGN = 4; // 0x4
field public static final int PURPOSE_VERIFY = 8; // 0x8
field public static final java.lang.String SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1";
field public static final java.lang.String SIGNATURE_PADDING_RSA_PSS = "PSS";
}
public class KeyStoreKeySpec implements java.security.spec.KeySpec {


@@ -30478,59 +30478,38 @@ package android.security {
}
public abstract class KeyStoreKeyProperties {
}
public static abstract class KeyStoreKeyProperties.Algorithm {
field public static final java.lang.String AES = "AES";
field public static final java.lang.String EC = "EC";
field public static final java.lang.String HMAC_SHA1 = "HmacSHA1";
field public static final java.lang.String HMAC_SHA224 = "HmacSHA224";
field public static final java.lang.String HMAC_SHA256 = "HmacSHA256";
field public static final java.lang.String HMAC_SHA384 = "HmacSHA384";
field public static final java.lang.String HMAC_SHA512 = "HmacSHA512";
field public static final java.lang.String RSA = "RSA";
}
public static abstract class KeyStoreKeyProperties.BlockMode {
field public static final java.lang.String CBC = "CBC";
field public static final java.lang.String CTR = "CTR";
field public static final java.lang.String ECB = "ECB";
field public static final java.lang.String GCM = "GCM";
}
public static abstract class KeyStoreKeyProperties.Digest {
field public static final java.lang.String MD5 = "MD5";
field public static final java.lang.String NONE = "NONE";
field public static final java.lang.String SHA1 = "SHA-1";
field public static final java.lang.String SHA224 = "SHA-224";
field public static final java.lang.String SHA256 = "SHA-256";
field public static final java.lang.String SHA384 = "SHA-384";
field public static final java.lang.String SHA512 = "SHA-512";
}
public static abstract class KeyStoreKeyProperties.EncryptionPadding {
field public static final java.lang.String NONE = "NoPadding";
field public static final java.lang.String PKCS7 = "PKCS7Padding";
field public static final java.lang.String RSA_OAEP = "OAEPPadding";
field public static final java.lang.String RSA_PKCS1 = "PKCS1Padding";
}
public static abstract class KeyStoreKeyProperties.Origin {
field public static final int GENERATED = 1; // 0x1
field public static final int IMPORTED = 2; // 0x2
field public static final int UNKNOWN = 4; // 0x4
}
public static abstract class KeyStoreKeyProperties.Purpose {
field public static final int DECRYPT = 2; // 0x2
field public static final int ENCRYPT = 1; // 0x1
field public static final int SIGN = 4; // 0x4
field public static final int VERIFY = 8; // 0x8
}
public static abstract class KeyStoreKeyProperties.SignaturePadding {
field public static final java.lang.String RSA_PKCS1 = "PKCS1";
field public static final java.lang.String RSA_PSS = "PSS";
field public static final java.lang.String BLOCK_MODE_CBC = "CBC";
field public static final java.lang.String BLOCK_MODE_CTR = "CTR";
field public static final java.lang.String BLOCK_MODE_ECB = "ECB";
field public static final java.lang.String BLOCK_MODE_GCM = "GCM";
field public static final java.lang.String DIGEST_MD5 = "MD5";
field public static final java.lang.String DIGEST_NONE = "NONE";
field public static final java.lang.String DIGEST_SHA1 = "SHA-1";
field public static final java.lang.String DIGEST_SHA224 = "SHA-224";
field public static final java.lang.String DIGEST_SHA256 = "SHA-256";
field public static final java.lang.String DIGEST_SHA384 = "SHA-384";
field public static final java.lang.String DIGEST_SHA512 = "SHA-512";
field public static final java.lang.String ENCRYPTION_PADDING_NONE = "NoPadding";
field public static final java.lang.String ENCRYPTION_PADDING_PKCS7 = "PKCS7Padding";
field public static final java.lang.String ENCRYPTION_PADDING_RSA_OAEP = "OAEPPadding";
field public static final java.lang.String ENCRYPTION_PADDING_RSA_PKCS1 = "PKCS1Padding";
field public static final java.lang.String KEY_ALGORITHM_AES = "AES";
field public static final java.lang.String KEY_ALGORITHM_EC = "EC";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA1 = "HmacSHA1";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA224 = "HmacSHA224";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA256 = "HmacSHA256";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA384 = "HmacSHA384";
field public static final java.lang.String KEY_ALGORITHM_HMAC_SHA512 = "HmacSHA512";
field public static final java.lang.String KEY_ALGORITHM_RSA = "RSA";
field public static final int ORIGIN_GENERATED = 1; // 0x1
field public static final int ORIGIN_IMPORTED = 2; // 0x2
field public static final int ORIGIN_UNKNOWN = 4; // 0x4
field public static final int PURPOSE_DECRYPT = 2; // 0x2
field public static final int PURPOSE_ENCRYPT = 1; // 0x1
field public static final int PURPOSE_SIGN = 4; // 0x4
field public static final int PURPOSE_VERIFY = 8; // 0x8
field public static final java.lang.String SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1";
field public static final java.lang.String SIGNATURE_PADDING_RSA_PSS = "PSS";
}
public class KeyStoreKeySpec implements java.security.spec.KeySpec {


@@ -54,13 +54,13 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
public static class RSA extends AndroidKeyPairGenerator {
public RSA() {
super(KeyStoreKeyProperties.Algorithm.RSA);
super(KeyStoreKeyProperties.KEY_ALGORITHM_RSA);
}
}
public static class EC extends AndroidKeyPairGenerator {
public EC() {
super(KeyStoreKeyProperties.Algorithm.EC);
super(KeyStoreKeyProperties.KEY_ALGORITHM_EC);
}
}
@@ -83,15 +83,15 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
private android.security.KeyStore mKeyStore;
private KeyPairGeneratorSpec mSpec;
private @KeyStoreKeyProperties.AlgorithmEnum String mKeyAlgorithm;
private @KeyStoreKeyProperties.KeyAlgorithmEnum String mKeyAlgorithm;
private int mKeyType;
private int mKeySize;
protected AndroidKeyPairGenerator(@KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
protected AndroidKeyPairGenerator(@KeyStoreKeyProperties.KeyAlgorithmEnum String algorithm) {
mAlgorithm = algorithm;
}
public @KeyStoreKeyProperties.AlgorithmEnum String getAlgorithm() {
@KeyStoreKeyProperties.KeyAlgorithmEnum String getAlgorithm() {
return mAlgorithm;
}
@@ -197,7 +197,8 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
return certGen.generate(privateKey);
}
private @KeyStoreKeyProperties.AlgorithmEnum String getKeyAlgorithm(KeyPairGeneratorSpec spec) {
private @KeyStoreKeyProperties.KeyAlgorithmEnum String getKeyAlgorithm(
KeyPairGeneratorSpec spec) {
String result = spec.getKeyType();
if (result != null) {
return result;
@@ -249,10 +250,10 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
}
private static String getDefaultSignatureAlgorithmForKeyAlgorithm(
@KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
if (KeyStoreKeyProperties.Algorithm.RSA.equalsIgnoreCase(algorithm)) {
@KeyStoreKeyProperties.KeyAlgorithmEnum String algorithm) {
if (KeyStoreKeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(algorithm)) {
return "sha256WithRSA";
} else if (KeyStoreKeyProperties.Algorithm.EC.equalsIgnoreCase(algorithm)) {
} else if (KeyStoreKeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(algorithm)) {
return "sha256WithECDSA";
} else {
throw new IllegalArgumentException("Unsupported key type " + algorithm);
@@ -288,7 +289,7 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
}
KeyPairGeneratorSpec spec = (KeyPairGeneratorSpec) params;
@KeyStoreKeyProperties.AlgorithmEnum String keyAlgorithm = getKeyAlgorithm(spec);
@KeyStoreKeyProperties.KeyAlgorithmEnum String keyAlgorithm = getKeyAlgorithm(spec);
int keyType = KeyStore.getKeyTypeForAlgorithm(keyAlgorithm);
if (keyType == -1) {
throw new InvalidAlgorithmParameterException(
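Review bot: The new `getAlgorithm()` line in the second hunk no longer carries the `public` modifier that the old line had, so the accessor appears to become package-private in a commit described only as flattening constants. If the narrowing is intended, it deserves a mention in the commit message or a short comment on the method such as `// Intentionally package-private.`; if not, keep `public @KeyStoreKeyProperties.KeyAlgorithmEnum String getAlgorithm() {`. Which line is old and which is new is inferred from the `AlgorithmEnum`/`KeyAlgorithmEnum` names, because the page has lost its +/- markers.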


@@ -129,10 +129,10 @@ public class AndroidKeyStore extends KeyStoreSpi {
keymasterDigest = keymasterDigests.get(0);
}
@KeyStoreKeyProperties.AlgorithmEnum String keyAlgorithmString;
@KeyStoreKeyProperties.KeyAlgorithmEnum String keyAlgorithmString;
try {
keyAlgorithmString =
KeyStoreKeyProperties.Algorithm.fromKeymasterSecretKeyAlgorithm(
KeyStoreKeyProperties.KeyAlgorithm.fromKeymasterSecretKeyAlgorithm(
keymasterAlgorithm, keymasterDigest);
} catch (IllegalArgumentException e) {
throw (UnrecoverableKeyException)
@@ -453,10 +453,10 @@ public class AndroidKeyStore extends KeyStoreSpi {
int keymasterAlgorithm;
int keymasterDigest;
try {
keymasterAlgorithm = KeyStoreKeyProperties.Algorithm.toKeymasterSecretKeyAlgorithm(
keymasterAlgorithm = KeyStoreKeyProperties.KeyAlgorithm.toKeymasterSecretKeyAlgorithm(
keyAlgorithmString);
keymasterDigest =
KeyStoreKeyProperties.Algorithm.toKeymasterDigest(keyAlgorithmString);
KeyStoreKeyProperties.KeyAlgorithm.toKeymasterDigest(keyAlgorithmString);
} catch (IllegalArgumentException e) {
throw new KeyStoreException("Unsupported secret key algorithm: " + keyAlgorithmString);
}
@@ -497,7 +497,7 @@ public class AndroidKeyStore extends KeyStoreSpi {
@KeyStoreKeyProperties.PurposeEnum int purposes = params.getPurposes();
int[] keymasterBlockModes =
KeyStoreKeyProperties.BlockMode.allToKeymaster(params.getBlockModes());
if (((purposes & KeyStoreKeyProperties.Purpose.ENCRYPT) != 0)
if (((purposes & KeyStoreKeyProperties.PURPOSE_ENCRYPT) != 0)
&& (params.isRandomizedEncryptionRequired())) {
for (int keymasterBlockMode : keymasterBlockModes) {
if (!KeymasterUtils.isKeymasterBlockModeIndCpaCompatible(keymasterBlockMode)) {
@@ -536,7 +536,7 @@ public class AndroidKeyStore extends KeyStoreSpi {
// TODO: Remove this once keymaster does not require us to specify the size of imported key.
args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, keyMaterial.length * 8);
if (((purposes & KeyStoreKeyProperties.Purpose.ENCRYPT) != 0)
if (((purposes & KeyStoreKeyProperties.PURPOSE_ENCRYPT) != 0)
&& (!params.isRandomizedEncryptionRequired())) {
// Permit caller-provided IV when encrypting with this key
args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);


@@ -266,7 +266,7 @@ public final class KeyChain {
*/
public static void choosePrivateKeyAlias(@NonNull Activity activity,
@NonNull KeyChainAliasCallback response,
@KeyStoreKeyProperties.AlgorithmEnum String[] keyTypes, Principal[] issuers,
@KeyStoreKeyProperties.KeyAlgorithmEnum String[] keyTypes, Principal[] issuers,
@Nullable String host, int port, @Nullable String alias) {
choosePrivateKeyAlias(activity, response, keyTypes, issuers, host, port, null, alias);
}
@@ -312,7 +312,7 @@ public final class KeyChain {
*/
public static void choosePrivateKeyAlias(@NonNull Activity activity,
@NonNull KeyChainAliasCallback response,
@KeyStoreKeyProperties.AlgorithmEnum String[] keyTypes, Principal[] issuers,
@KeyStoreKeyProperties.KeyAlgorithmEnum String[] keyTypes, Principal[] issuers,
@Nullable String host, int port, @Nullable String url, @Nullable String alias) {
/*
* TODO currently keyTypes, issuers are unused. They are meant
@@ -439,10 +439,10 @@ public final class KeyChain {
* "RSA").
*/
public static boolean isKeyAlgorithmSupported(
@NonNull @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
@NonNull @KeyStoreKeyProperties.KeyAlgorithmEnum String algorithm) {
final String algUpper = algorithm.toUpperCase(Locale.US);
return KeyStoreKeyProperties.Algorithm.EC.equals(algUpper)
|| KeyStoreKeyProperties.Algorithm.RSA.equals(algUpper);
return KeyStoreKeyProperties.KEY_ALGORITHM_EC.equals(algUpper)
|| KeyStoreKeyProperties.KEY_ALGORITHM_RSA.equals(algUpper);
}
/**
@@ -453,7 +453,7 @@ public final class KeyChain {
* that makes it non-exportable.
*/
public static boolean isBoundKeyAlgorithm(
@NonNull @KeyStoreKeyProperties.AlgorithmEnum String algorithm) {
@NonNull @KeyStoreKeyProperties.KeyAlgorithmEnum String algorithm) {
if (!isKeyAlgorithmSupported(algorithm)) {
return false;
}


@@ -56,13 +56,13 @@ import javax.crypto.KeyGenerator;
* been authenticated within the last five minutes.
* <pre> {@code
* KeyGenerator keyGenerator = KeyGenerator.getInstance(
* KeyStoreKeyProperties.Algorithm.HMAC_SHA256,
* KeyStoreKeyProperties.KEY_ALGORITHM_HMAC_SHA256,
* "AndroidKeyStore");
* keyGenerator.initialize(
* new KeyGeneratorSpec.Builder(context)
* .setAlias("key1")
* .setPurposes(KeyStoreKeyProperties.Purpose.SIGN
* | KeyStoreKeyProperties.Purpose.VERIFY)
* .setPurposes(KeyStoreKeyProperties.PURPOSE_SIGN
* | KeyStoreKeyProperties.PURPOSE_VERIFY)
* // Only permit this key to be used if the user authenticated
* // within the last five minutes.
* .setUserAuthenticationRequired(true)
@@ -192,20 +192,21 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Gets the set of purposes (e.g., {@code ENCRYPT}, {@code DECRYPT}, {@code SIGN}) for which the
* key can be used.
* Gets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
* Attempts to use the key for any other purpose will be rejected.
*
* @see KeyStoreKeyProperties.Purpose
* <p>See {@link KeyStoreKeyProperties}.{@code PURPOSE} flags.
*/
public @KeyStoreKeyProperties.PurposeEnum int getPurposes() {
return mPurposes;
}
/**
* Gets the set of padding schemes (e.g., {@code PKCS7Padding}, {@code NoPadding}) with which
* the key can be used when encrypting/decrypting.
* Gets the set of padding schemes (e.g., {@code PKCS7Padding}, {@code NoPadding}) with
* which the key can be used when encrypting/decrypting. Attempts to use the key with any
* other padding scheme will be rejected.
*
* @see KeyStoreKeyProperties.EncryptionPadding
* <p>See {@link KeyStoreKeyProperties}.{@code ENCRYPTION_PADDING} constants.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
@@ -213,9 +214,11 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used.
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used
* when encrypting/decrypting. Attempts to use the key with any other block modes will be
* rejected.
*
* @see KeyStoreKeyProperties.BlockMode
* <p>See {@link KeyStoreKeyProperties}.{@code BLOCK_MODE} constants.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
@@ -394,12 +397,12 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Sets the set of purposes (e.g., {@code ENCRYPT}, {@code DECRYPT}, {@code SIGN}) for which
* the key can be used.
* Sets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
* Attempts to use the key for any other purpose will be rejected.
*
* <p>This must be specified for all keys. There is no default.
*
* @see KeyStoreKeyProperties.Purpose
* <p>See {@link KeyStoreKeyProperties}.{@code PURPOSE} flags.
*/
@NonNull
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
@@ -414,7 +417,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>This must be specified for keys which are used for encryption/decryption.
*
* @see KeyStoreKeyProperties.EncryptionPadding
* <p>See {@link KeyStoreKeyProperties}.{@code ENCRYPTION_PADDING} constants.
*/
@NonNull
public Builder setEncryptionPaddings(
@@ -430,7 +433,7 @@ public class KeyGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>This must be specified for encryption/decryption keys.
*
* @see KeyStoreKeyProperties.BlockMode
* <p>See {@link KeyStoreKeyProperties}.{@code BLOCK_MODE} constants.
*/
@NonNull
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
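Review bot: The class-level sample in the first hunk still calls `keyGenerator.initialize(`, but `javax.crypto.KeyGenerator` exposes `init(AlgorithmParameterSpec)` and has no `initialize` method, so the snippet will not compile when copied. Since the constants in this sample are being rewritten anyway, the call should read `keyGenerator.init(`. The rest of the Javadoc block lies outside the hunk.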


@@ -69,16 +69,16 @@ import javax.security.auth.x500.X500Principal;
* digest and only if the user has been authenticated within the last five minutes.
* <pre> {@code
* KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(
* KeyStoreKeyProperties.Algorithm.EC,
* KeyStoreKeyProperties.KEY_ALGORITHM_EC,
* "AndroidKeyStore");
* keyPairGenerator.initialize(
* new KeyGeneratorSpec.Builder(context)
* .setAlias("key2")
* .setPurposes(KeyStoreKeyProperties.Purpose.SIGN
* | KeyStoreKeyProperties.Purpose.VERIFY)
* .setDigests(KeyStoreKeyProperties.Digest.SHA256
* | KeyStoreKeyProperties.Digest.SHA384
* | KeyStoreKeyProperties.Digest.SHA512)
* .setPurposes(KeyStoreKeyProperties.PURPOSE_SIGN
* | KeyStoreKeyProperties.PURPOSE_VERIFY)
* .setDigests(KeyStoreKeyProperties.DIGEST_SHA256
* | KeyStoreKeyProperties.DIGEST_SHA384
* | KeyStoreKeyProperties.DIGEST_SHA512)
* // Only permit this key to be used if the user authenticated
* // within the last five minutes.
* .setUserAuthenticationRequired(true)
@@ -287,10 +287,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Returns the key type (e.g., "EC", "RSA") specified by this parameter.
* Returns the type of key pair (e.g., {@code EC}, {@code RSA}) to be generated. See
* {@link KeyStoreKeyProperties}.{@code KEY_ALGORITHM} constants.
*/
@Nullable
public @KeyStoreKeyProperties.AlgorithmEnum String getKeyType() {
public @KeyStoreKeyProperties.KeyAlgorithmEnum String getKeyType() {
return mKeyType;
}
@@ -395,10 +396,10 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Gets the set of purposes (e.g., {@code ENCRYPT}, {@code DECRYPT}, {@code SIGN}) for which the
* key can be used.
* Gets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
* Attempts to use the key for any other purpose will be rejected.
*
* @see KeyStoreKeyProperties.Purpose
* <p>See {@link KeyStoreKeyProperties}.{@code PURPOSE} flags.
*/
public @KeyStoreKeyProperties.PurposeEnum int getPurposes() {
return mPurposes;
@@ -416,10 +417,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Gets the set of padding schemes (e.g., {@code PKCS1Padding}, {@code NoPadding}) with which
* the key can be used when encrypting/decrypting.
* Gets the set of padding schemes (e.g., {@code OEAPPadding}, {@code PKCS1Padding},
* {@code NoPadding}) with which the key can be used when encrypting/decrypting. Attempts to use
* the key with any other padding scheme will be rejected.
*
* @see KeyStoreKeyProperties.EncryptionPadding
* <p>See {@link KeyStoreKeyProperties}.{@code ENCRYPTION_PADDING} constants.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
@@ -427,10 +429,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Gets the set of padding schemes (e.g., {@code PSS}) with which the key can be used when
* signing/verifying.
* Gets the set of padding schemes (e.g., {@code PSS}, {@code PKCS#1}) with which the key
* can be used when signing/verifying. Attempts to use the key with any other padding scheme
* will be rejected.
*
* @see KeyStoreKeyProperties.SignaturePadding
* <p>See {@link KeyStoreKeyProperties}.{@code SIGNATURE_PADDING} constants.
*/
@NonNull
public @KeyStoreKeyProperties.SignaturePaddingEnum String[] getSignaturePaddings() {
@@ -438,9 +441,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used.
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used
* when encrypting/decrypting. Attempts to use the key with any other block modes will be
* rejected.
*
* @see KeyStoreKeyProperties.BlockMode
* <p>See {@link KeyStoreKeyProperties}.{@code BLOCK_MODE} constants.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
@@ -580,10 +585,12 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Sets the key type (e.g., EC, RSA) of the keypair to be created.
* Sets the type of key pair (e.g., {@code EC}, {@code RSA}) of the key pair to be
* generated. See {@link KeyStoreKeyProperties}.{@code KEY_ALGORITHM} constants.
*
*/
@NonNull
public Builder setKeyType(@NonNull @KeyStoreKeyProperties.AlgorithmEnum String keyType)
public Builder setKeyType(@NonNull @KeyStoreKeyProperties.KeyAlgorithmEnum String keyType)
throws NoSuchAlgorithmException {
if (keyType == null) {
throw new NullPointerException("keyType == null");
@@ -713,7 +720,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see #setKeyValidityEnd(Date)
*/
@@ -728,7 +735,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see #setKeyValidityStart(Date)
* @see #setKeyValidityForConsumptionEnd(Date)
@@ -746,7 +753,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see #setKeyValidityForConsumptionEnd(Date)
*/
@@ -762,7 +769,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see #setKeyValidityForOriginationEnd(Date)
*/
@@ -773,20 +780,20 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Sets the set of purposes (e.g., {@code ENCRYPT}, {@code DECRYPT}, {@code SIGN}) for which
* the key can be used.
* Sets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
* Attempts to use the key for any other purpose will be rejected.
*
* <p>This must be specified for all keys. There is no default.
*
* <p>If the set of purposes for which the key can be used does not contain
* {@link KeyStoreKeyProperties.Purpose#SIGN}, the self-signed certificate generated by
* {@link KeyStoreKeyProperties#PURPOSE_SIGN}, the self-signed certificate generated by
* {@link KeyPairGenerator} of {@code AndroidKeyStore} provider will contain an invalid
* signature. This is OK if the certificate is only used for obtaining the public key from
* Android KeyStore.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see KeyStoreKeyProperties.Purpose
* <p>See {@link KeyStoreKeyProperties}.{@code PURPOSE} flags.
*/
@NonNull
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
@@ -801,7 +808,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>This must be specified for keys which are used for signing/verification.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see KeyStoreKeyProperties.Digest
*/
@@ -812,15 +819,15 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Sets the set of padding schemes (e.g., {@code PKCS1Padding}, {@code NoPadding}) with
* which the key can be used when encrypting/decrypting. Attempts to use the key with any
* other padding scheme will be rejected.
* Sets the set of padding schemes (e.g., {@code OAEPPadding}, {@code PKCS1Padding},
* {@code NoPadding}) with which the key can be used when encrypting/decrypting. Attempts to
* use the key with any other padding scheme will be rejected.
*
* <p>This must be specified for keys which are used for encryption/decryption.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see KeyStoreKeyProperties.EncryptionPadding
* <p>See {@link KeyStoreKeyProperties}.{@code ENCRYPTION_PADDING} constants.
*/
@NonNull
public Builder setEncryptionPaddings(
@@ -830,15 +837,15 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Sets the set of padding schemes (e.g., {@code PSS}) with which the key can be used when
* signing/verifying. Attempts to use the key with any other padding scheme will be
* rejected.
* Sets the set of padding schemes (e.g., {@code PSS}, {@code PKCS#1}) with which the key
* can be used when signing/verifying. Attempts to use the key with any other padding scheme
* will be rejected.
*
* <p>This must be specified for RSA keys which are used for signing/verification.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see KeyStoreKeyProperties.SignaturePadding
* <p>See {@link KeyStoreKeyProperties}.{@code SIGNATURE_PADDING} constants.
*/
@NonNull
public Builder setSignaturePaddings(
@@ -848,15 +855,15 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
}
/**
* Sets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be
* used when encrypting/decrypting. Attempts to use the key with any other block modes will
* be rejected.
* Sets the set of block modes (e.g., {@code ECB}, {@code CBC}, {@code CTR}) with which the
* key can be used when encrypting/decrypting. Attempts to use the key with any other block
* modes will be rejected.
*
* <p>This must be specified for encryption/decryption keys.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see KeyStoreKeyProperties.BlockMode
* <p>See {@link KeyStoreKeyProperties}.{@code BLOCK_MODE} constants.
*/
@NonNull
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
@@ -884,7 +891,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.</li>
* </ul>
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*/
@NonNull
public Builder setRandomizedEncryptionRequired(boolean required) {
@@ -908,7 +915,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* <p>This restriction applies only to private key operations. Public key operations are not
* restricted.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
@@ -927,7 +934,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* <p>This restriction applies only to private key operations. Public key operations are not
* restricted.
*
* <p><b>NOTE: This has currently no effect.
* <p><b>NOTE: This has currently no effect.</b>
*
* @param seconds duration in seconds or {@code -1} if the user needs to authenticate for
* every use of the key.
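Review bot: The rewritten sample in the first hunk joins `KeyStoreKeyProperties.DIGEST_SHA256 | KeyStoreKeyProperties.DIGEST_SHA384 | KeyStoreKeyProperties.DIGEST_SHA512` with `|`, but the flattened digest constants are declared as `java.lang.String` in the API listing of this same commit, so the operator cannot apply to them. Only the `PURPOSE_*` values are int flags. The digests presumably need to be passed as separate arguments, e.g. `.setDigests(KeyStoreKeyProperties.DIGEST_SHA256, KeyStoreKeyProperties.DIGEST_SHA384, KeyStoreKeyProperties.DIGEST_SHA512)`, assuming `setDigests` is varargs like `setBlockModes` (its signature is not in the hunk). The same sample builds the spec with `new KeyGeneratorSpec.Builder(context)` inside the KeyPairGeneratorSpec Javadoc, which looks like a copy-paste slip worth checking.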


@@ -131,10 +131,10 @@ public class KeyStore {
return mToken;
}
static int getKeyTypeForAlgorithm(@KeyStoreKeyProperties.AlgorithmEnum String keyType) {
if (KeyStoreKeyProperties.Algorithm.RSA.equalsIgnoreCase(keyType)) {
static int getKeyTypeForAlgorithm(@KeyStoreKeyProperties.KeyAlgorithmEnum String keyType) {
if (KeyStoreKeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(keyType)) {
return NativeConstants.EVP_PKEY_RSA;
} else if (KeyStoreKeyProperties.Algorithm.EC.equalsIgnoreCase(keyType)) {
} else if (KeyStoreKeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(keyType)) {
return NativeConstants.EVP_PKEY_EC;
} else {
return -1;
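Review bot: The parameter of `getKeyTypeForAlgorithm` is now annotated `@KeyStoreKeyProperties.KeyAlgorithmEnum`, whose value set in this commit also lists `KEY_ALGORITHM_AES` and the `KEY_ALGORITHM_HMAC_*` names, yet only RSA and EC are mapped and every other value falls through to `return -1`. Nothing in the visible lines tells a caller that `-1` is a sentinel rather than a valid `EVP_PKEY_*` type, so a caller that skips the check would treat it as a key type. I would document it on the method, e.g. `/** Returns the EVP_PKEY_* type for an asymmetric key algorithm, or -1 if the algorithm is not RSA or EC. */`. The closing lines of the method are outside the hunk.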


@@ -496,7 +496,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry
if ((mIv != null) && (mIv.length > 0)) {
try {
AlgorithmParameters params =
AlgorithmParameters.getInstance(KeyStoreKeyProperties.Algorithm.AES);
AlgorithmParameters.getInstance(KeyStoreKeyProperties.KEY_ALGORITHM_AES);
params.init(new IvParameterSpec(mIv));
return params;
} catch (NoSuchAlgorithmException e) {


@@ -174,7 +174,7 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
spec.getEncryptionPaddings());
mKeymasterBlockModes =
KeyStoreKeyProperties.BlockMode.allToKeymaster(spec.getBlockModes());
if (((spec.getPurposes() & KeyStoreKeyProperties.Purpose.ENCRYPT) != 0)
if (((spec.getPurposes() & KeyStoreKeyProperties.PURPOSE_ENCRYPT) != 0)
&& (spec.isRandomizedEncryptionRequired())) {
for (int keymasterBlockMode : mKeymasterBlockModes) {
if (!KeymasterUtils.isKeymasterBlockModeIndCpaCompatible(
@@ -247,7 +247,7 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
(spec.getKeyValidityForConsumptionEnd() != null)
? spec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE));
if (((spec.getPurposes() & KeyStoreKeyProperties.Purpose.ENCRYPT) != 0)
if (((spec.getPurposes() & KeyStoreKeyProperties.PURPOSE_ENCRYPT) != 0)
&& (!spec.isRandomizedEncryptionRequired())) {
// Permit caller-provided IV when encrypting with this key
args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE);
@@ -265,9 +265,9 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
throw new ProviderException(
"Keystore operation failed", KeyStore.getKeyStoreException(errorCode));
}
String keyAlgorithmJCA;
@KeyStoreKeyProperties.KeyAlgorithmEnum String keyAlgorithmJCA;
try {
keyAlgorithmJCA = KeyStoreKeyProperties.Algorithm.fromKeymasterSecretKeyAlgorithm(
keyAlgorithmJCA = KeyStoreKeyProperties.KeyAlgorithm.fromKeymasterSecretKeyAlgorithm(
mKeymasterAlgorithm, mKeymasterDigest);
} catch (IllegalArgumentException e) {
throw new ProviderException("Failed to obtain JCA secret key algorithm name", e);
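Review bot: The comment on `args.addBoolean(KeymasterDefs.KM_TAG_CALLER_NONCE)` in the second hunk states what the tag permits but not the obligation it hands to the caller. When `isRandomizedEncryptionRequired()` is false the key accepts a caller-chosen IV, and for the `CTR` and `GCM` block modes a repeated IV under the same key exposes plaintext relationships (and, for GCM, weakens authentication). I would extend the comment to `// Permit caller-provided IV when encrypting with this key. The caller then owns IV uniqueness; never reuse an IV with the same key.` The enclosing method starts and ends outside the hunk.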


@@ -26,17 +26,9 @@ import libcore.util.EmptyArray;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.util.Collection;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
/**
* Properties of {@code AndroidKeyStore} keys.
*/
@@ -48,76 +40,69 @@ public abstract class KeyStoreKeyProperties {
*/
@Retention(RetentionPolicy.SOURCE)
@IntDef(flag = true,
value = {Purpose.ENCRYPT, Purpose.DECRYPT, Purpose.SIGN, Purpose.VERIFY})
value = {
PURPOSE_ENCRYPT,
PURPOSE_DECRYPT,
PURPOSE_SIGN,
PURPOSE_VERIFY,
})
public @interface PurposeEnum {}
/**
* Purposes of key.
* Purpose of key: encryption.
*/
public static abstract class Purpose {
public static final int PURPOSE_ENCRYPT = 1 << 0;
/**
* Purpose of key: decryption.
*/
public static final int PURPOSE_DECRYPT = 1 << 1;
/**
* Purpose of key: signing or generating a Message Authentication Code (MAC).
*/
public static final int PURPOSE_SIGN = 1 << 2;
/**
* Purpose of key: signature or Message Authentication Code (MAC) verification.
*/
public static final int PURPOSE_VERIFY = 1 << 3;
static abstract class Purpose {
private Purpose() {}
/**
* Purpose: encryption.
*/
public static final int ENCRYPT = 1 << 0;
/**
* Purpose: decryption.
*/
public static final int DECRYPT = 1 << 1;
/**
* Purpose: signing.
*/
public static final int SIGN = 1 << 2;
/**
* Purpose: signature verification.
*/
public static final int VERIFY = 1 << 3;
/**
* @hide
*/
public static int toKeymaster(@PurposeEnum int purpose) {
static int toKeymaster(@PurposeEnum int purpose) {
switch (purpose) {
case ENCRYPT:
case PURPOSE_ENCRYPT:
return KeymasterDefs.KM_PURPOSE_ENCRYPT;
case DECRYPT:
case PURPOSE_DECRYPT:
return KeymasterDefs.KM_PURPOSE_DECRYPT;
case SIGN:
case PURPOSE_SIGN:
return KeymasterDefs.KM_PURPOSE_SIGN;
case VERIFY:
case PURPOSE_VERIFY:
return KeymasterDefs.KM_PURPOSE_VERIFY;
default:
throw new IllegalArgumentException("Unknown purpose: " + purpose);
}
}
/**
* @hide
*/
public static @PurposeEnum int fromKeymaster(int purpose) {
static @PurposeEnum int fromKeymaster(int purpose) {
switch (purpose) {
case KeymasterDefs.KM_PURPOSE_ENCRYPT:
return ENCRYPT;
return PURPOSE_ENCRYPT;
case KeymasterDefs.KM_PURPOSE_DECRYPT:
return DECRYPT;
return PURPOSE_DECRYPT;
case KeymasterDefs.KM_PURPOSE_SIGN:
return SIGN;
return PURPOSE_SIGN;
case KeymasterDefs.KM_PURPOSE_VERIFY:
return VERIFY;
return PURPOSE_VERIFY;
default:
throw new IllegalArgumentException("Unknown purpose: " + purpose);
}
}
/**
* @hide
*/
@NonNull
public static int[] allToKeymaster(@PurposeEnum int purposes) {
static int[] allToKeymaster(@PurposeEnum int purposes) {
int[] result = getSetFlags(purposes);
for (int i = 0; i < result.length; i++) {
result[i] = toKeymaster(result[i]);
@@ -125,10 +110,7 @@ public abstract class KeyStoreKeyProperties {
return result;
}
/**
* @hide
*/
public static @PurposeEnum int allFromKeymaster(@NonNull Collection<Integer> purposes) {
static @PurposeEnum int allFromKeymaster(@NonNull Collection<Integer> purposes) {
@PurposeEnum int result = 0;
for (int keymasterPurpose : purposes) {
result |= fromKeymaster(keymasterPurpose);
@@ -142,57 +124,46 @@ public abstract class KeyStoreKeyProperties {
*/
@Retention(RetentionPolicy.SOURCE)
@StringDef({
Algorithm.RSA,
Algorithm.EC,
Algorithm.AES,
Algorithm.HMAC_SHA1,
Algorithm.HMAC_SHA224,
Algorithm.HMAC_SHA256,
Algorithm.HMAC_SHA384,
Algorithm.HMAC_SHA512,
KEY_ALGORITHM_RSA,
KEY_ALGORITHM_EC,
KEY_ALGORITHM_AES,
KEY_ALGORITHM_HMAC_SHA1,
KEY_ALGORITHM_HMAC_SHA224,
KEY_ALGORITHM_HMAC_SHA256,
KEY_ALGORITHM_HMAC_SHA384,
KEY_ALGORITHM_HMAC_SHA512,
})
public @interface AlgorithmEnum {}
public @interface KeyAlgorithmEnum {}
/**
* Key algorithms.
*
* <p>These are standard names which can be used to obtain instances of {@link KeyGenerator},
* {@link KeyPairGenerator}, {@link Cipher} (as part of the transformation string), {@link Mac},
* {@link KeyFactory}, {@link SecretKeyFactory}. These are also the names used by
* {@link Key#getAlgorithm()}.
*/
public static abstract class Algorithm {
private Algorithm() {}
/** Rivest Shamir Adleman (RSA) key. */
public static final String KEY_ALGORITHM_RSA = "RSA";
/** Rivest Shamir Adleman (RSA) key. */
public static final String RSA = "RSA";
/** Elliptic Curve (EC) Cryptography key. */
public static final String KEY_ALGORITHM_EC = "EC";
/** Elliptic Curve (EC) key. */
public static final String EC = "EC";
/** Advanced Encryption Standard (AES) key. */
public static final String KEY_ALGORITHM_AES = "AES";
/** Advanced Encryption Standard (AES) key. */
public static final String AES = "AES";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-1 as the hash. */
public static final String KEY_ALGORITHM_HMAC_SHA1 = "HmacSHA1";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-1 as the hash. */
public static final String HMAC_SHA1 = "HmacSHA1";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-224 as the hash. */
public static final String KEY_ALGORITHM_HMAC_SHA224 = "HmacSHA224";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-224 as the hash. */
public static final String HMAC_SHA224 = "HmacSHA224";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-256 as the hash. */
public static final String KEY_ALGORITHM_HMAC_SHA256 = "HmacSHA256";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-256 as the hash. */
public static final String HMAC_SHA256 = "HmacSHA256";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-384 as the hash. */
public static final String KEY_ALGORITHM_HMAC_SHA384 = "HmacSHA384";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-384 as the hash. */
public static final String HMAC_SHA384 = "HmacSHA384";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-512 as the hash. */
public static final String KEY_ALGORITHM_HMAC_SHA512 = "HmacSHA512";
/** Keyed-Hash Message Authentication Code (HMAC) key using SHA-512 as the hash. */
public static final String HMAC_SHA512 = "HmacSHA512";
static abstract class KeyAlgorithm {
private KeyAlgorithm() {}
/**
* @hide
*/
static int toKeymasterSecretKeyAlgorithm(@NonNull @AlgorithmEnum String algorithm) {
if (AES.equalsIgnoreCase(algorithm)) {
static int toKeymasterSecretKeyAlgorithm(@NonNull @KeyAlgorithmEnum String algorithm) {
if (KEY_ALGORITHM_AES.equalsIgnoreCase(algorithm)) {
return KeymasterDefs.KM_ALGORITHM_AES;
} else if (algorithm.toUpperCase(Locale.US).startsWith("HMAC")) {
return KeymasterDefs.KM_ALGORITHM_HMAC;
@@ -202,11 +173,8 @@ public abstract class KeyStoreKeyProperties {
}
}
/**
* @hide
*/
@NonNull
static @AlgorithmEnum String fromKeymasterSecretKeyAlgorithm(
static @KeyAlgorithmEnum String fromKeymasterSecretKeyAlgorithm(
int keymasterAlgorithm, int keymasterDigest) {
switch (keymasterAlgorithm) {
case KeymasterDefs.KM_ALGORITHM_AES:
@@ -214,26 +182,26 @@ public abstract class KeyStoreKeyProperties {
throw new IllegalArgumentException("Digest not supported for AES key: "
+ Digest.fromKeymaster(keymasterDigest));
}
return AES;
return KEY_ALGORITHM_AES;
case KeymasterDefs.KM_ALGORITHM_HMAC:
switch (keymasterDigest) {
case KeymasterDefs.KM_DIGEST_SHA1:
return HMAC_SHA1;
return KEY_ALGORITHM_HMAC_SHA1;
case KeymasterDefs.KM_DIGEST_SHA_2_224:
return HMAC_SHA224;
return KEY_ALGORITHM_HMAC_SHA224;
case KeymasterDefs.KM_DIGEST_SHA_2_256:
return HMAC_SHA256;
return KEY_ALGORITHM_HMAC_SHA256;
case KeymasterDefs.KM_DIGEST_SHA_2_384:
return HMAC_SHA384;
return KEY_ALGORITHM_HMAC_SHA384;
case KeymasterDefs.KM_DIGEST_SHA_2_512:
return HMAC_SHA512;
return KEY_ALGORITHM_HMAC_SHA512;
default:
throw new IllegalArgumentException("Unsupported HMAC digest: "
+ Digest.fromKeymaster(keymasterDigest));
}
default:
throw new IllegalArgumentException(
"Unsupported algorithm: " + keymasterAlgorithm);
"Unsupported key algorithm: " + keymasterAlgorithm);
}
}
@@ -242,7 +210,7 @@ public abstract class KeyStoreKeyProperties {
*
* @return keymaster digest or {@code -1} if the algorithm does not involve a digest.
*/
static int toKeymasterDigest(@NonNull @AlgorithmEnum String algorithm) {
static int toKeymasterDigest(@NonNull @KeyAlgorithmEnum String algorithm) {
String algorithmUpper = algorithm.toUpperCase(Locale.US);
if (algorithmUpper.startsWith("HMAC")) {
String digestUpper = algorithmUpper.substring("HMAC".length());
@@ -272,70 +240,58 @@ public abstract class KeyStoreKeyProperties {
*/
@Retention(RetentionPolicy.SOURCE)
@StringDef({
BlockMode.ECB,
BlockMode.CBC,
BlockMode.CTR,
BlockMode.GCM,
BLOCK_MODE_ECB,
BLOCK_MODE_CBC,
BLOCK_MODE_CTR,
BLOCK_MODE_GCM,
})
public @interface BlockModeEnum {}
/**
* Block modes that can be used when encrypting/decrypting using a key.
*/
public static abstract class BlockMode {
/** Electronic Codebook (ECB) block mode. */
public static final String BLOCK_MODE_ECB = "ECB";
/** Cipher Block Chaining (CBC) block mode. */
public static final String BLOCK_MODE_CBC = "CBC";
/** Counter (CTR) block mode. */
public static final String BLOCK_MODE_CTR = "CTR";
/** Galois/Counter Mode (GCM) block mode. */
public static final String BLOCK_MODE_GCM = "GCM";
static abstract class BlockMode {
private BlockMode() {}
/** Electronic Codebook (ECB) block mode. */
public static final String ECB = "ECB";
/** Cipher Block Chaining (CBC) block mode. */
public static final String CBC = "CBC";
/** Counter (CTR) block mode. */
public static final String CTR = "CTR";
/** Galois/Counter Mode (GCM) block mode. */
public static final String GCM = "GCM";
/**
* @hide
*/
static int toKeymaster(@NonNull @BlockModeEnum String blockMode) {
if (ECB.equalsIgnoreCase(blockMode)) {
if (BLOCK_MODE_ECB.equalsIgnoreCase(blockMode)) {
return KeymasterDefs.KM_MODE_ECB;
} else if (CBC.equalsIgnoreCase(blockMode)) {
} else if (BLOCK_MODE_CBC.equalsIgnoreCase(blockMode)) {
return KeymasterDefs.KM_MODE_CBC;
} else if (CTR.equalsIgnoreCase(blockMode)) {
} else if (BLOCK_MODE_CTR.equalsIgnoreCase(blockMode)) {
return KeymasterDefs.KM_MODE_CTR;
} else if (GCM.equalsIgnoreCase(blockMode)) {
} else if (BLOCK_MODE_GCM.equalsIgnoreCase(blockMode)) {
return KeymasterDefs.KM_MODE_GCM;
} else {
throw new IllegalArgumentException("Unsupported block mode: " + blockMode);
}
}
/**
* @hide
*/
@NonNull
static @BlockModeEnum String fromKeymaster(int blockMode) {
switch (blockMode) {
case KeymasterDefs.KM_MODE_ECB:
return ECB;
return BLOCK_MODE_ECB;
case KeymasterDefs.KM_MODE_CBC:
return CBC;
return BLOCK_MODE_CBC;
case KeymasterDefs.KM_MODE_CTR:
return CTR;
return BLOCK_MODE_CTR;
case KeymasterDefs.KM_MODE_GCM:
return GCM;
return BLOCK_MODE_GCM;
default:
throw new IllegalArgumentException("Unsupported block mode: " + blockMode);
}
}
/**
* @hide
*/
@NonNull
static @BlockModeEnum String[] allFromKeymaster(@NonNull Collection<Integer> blockModes) {
if ((blockModes == null) || (blockModes.isEmpty())) {
@@ -350,9 +306,6 @@ public abstract class KeyStoreKeyProperties {
return result;
}
/**
* @hide
*/
static int[] allToKeymaster(@Nullable @BlockModeEnum String[] blockModes) {
if ((blockModes == null) || (blockModes.length == 0)) {
return EmptyArray.INT;
@@ -370,50 +323,44 @@ public abstract class KeyStoreKeyProperties {
*/
@Retention(RetentionPolicy.SOURCE)
@StringDef({
EncryptionPadding.NONE,
EncryptionPadding.PKCS7,
EncryptionPadding.RSA_PKCS1,
EncryptionPadding.RSA_OAEP,
ENCRYPTION_PADDING_NONE,
ENCRYPTION_PADDING_PKCS7,
ENCRYPTION_PADDING_RSA_PKCS1,
ENCRYPTION_PADDING_RSA_OAEP,
})
public @interface EncryptionPaddingEnum {}
/**
* Padding schemes for encryption/decryption.
* No encryption padding.
*/
public static abstract class EncryptionPadding {
public static final String ENCRYPTION_PADDING_NONE = "NoPadding";
/**
* PKCS#7 encryption padding scheme.
*/
public static final String ENCRYPTION_PADDING_PKCS7 = "PKCS7Padding";
/**
* RSA PKCS#1 v1.5 padding scheme for encryption.
*/
public static final String ENCRYPTION_PADDING_RSA_PKCS1 = "PKCS1Padding";
/**
* RSA Optimal Asymmetric Encryption Padding (OAEP) scheme.
*/
public static final String ENCRYPTION_PADDING_RSA_OAEP = "OAEPPadding";
static abstract class EncryptionPadding {
private EncryptionPadding() {}
/**
* No padding.
*/
public static final String NONE = "NoPadding";
/**
* PKCS#7 padding.
*/
public static final String PKCS7 = "PKCS7Padding";
/**
* RSA PKCS#1 v1.5 padding for encryption/decryption.
*/
public static final String RSA_PKCS1 = "PKCS1Padding";
/**
* RSA Optimal Asymmetric Encryption Padding (OAEP).
*/
public static final String RSA_OAEP = "OAEPPadding";
/**
* @hide
*/
static int toKeymaster(@NonNull @EncryptionPaddingEnum String padding) {
if (NONE.equalsIgnoreCase(padding)) {
if (ENCRYPTION_PADDING_NONE.equalsIgnoreCase(padding)) {
return KeymasterDefs.KM_PAD_NONE;
} else if (PKCS7.equalsIgnoreCase(padding)) {
} else if (ENCRYPTION_PADDING_PKCS7.equalsIgnoreCase(padding)) {
return KeymasterDefs.KM_PAD_PKCS7;
} else if (RSA_PKCS1.equalsIgnoreCase(padding)) {
} else if (ENCRYPTION_PADDING_RSA_PKCS1.equalsIgnoreCase(padding)) {
return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_ENCRYPT;
} else if (RSA_OAEP.equalsIgnoreCase(padding)) {
} else if (ENCRYPTION_PADDING_RSA_OAEP.equalsIgnoreCase(padding)) {
return KeymasterDefs.KM_PAD_RSA_OAEP;
} else {
throw new IllegalArgumentException(
@@ -421,29 +368,23 @@ public abstract class KeyStoreKeyProperties {
}
}
/**
* @hide
*/
@NonNull
static @EncryptionPaddingEnum String fromKeymaster(int padding) {
switch (padding) {
case KeymasterDefs.KM_PAD_NONE:
return NONE;
return ENCRYPTION_PADDING_NONE;
case KeymasterDefs.KM_PAD_PKCS7:
return PKCS7;
return ENCRYPTION_PADDING_PKCS7;
case KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_ENCRYPT:
return RSA_PKCS1;
return ENCRYPTION_PADDING_RSA_PKCS1;
case KeymasterDefs.KM_PAD_RSA_OAEP:
return RSA_OAEP;
return ENCRYPTION_PADDING_RSA_OAEP;
default:
throw new IllegalArgumentException(
"Unsupported encryption padding: " + padding);
}
}
/**
* @hide
*/
@NonNull
static int[] allToKeymaster(@Nullable @EncryptionPaddingEnum String[] paddings) {
if ((paddings == null) || (paddings.length == 0)) {
@@ -462,35 +403,29 @@ public abstract class KeyStoreKeyProperties {
*/
@Retention(RetentionPolicy.SOURCE)
@StringDef({
SignaturePadding.RSA_PKCS1,
SignaturePadding.RSA_PSS,
SIGNATURE_PADDING_RSA_PKCS1,
SIGNATURE_PADDING_RSA_PSS,
})
public @interface SignaturePaddingEnum {}
/**
* Padding schemes for signing/verification.
* RSA PKCS#1 v1.5 padding for signatures.
*/
public static abstract class SignaturePadding {
public static final String SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1";
/**
* RSA PKCS#1 v2.1 Probabilistic Signature Scheme (PSS) padding.
*/
public static final String SIGNATURE_PADDING_RSA_PSS = "PSS";
static abstract class SignaturePadding {
private SignaturePadding() {}
/**
* RSA PKCS#1 v1.5 padding for signatures.
*/
public static final String RSA_PKCS1 = "PKCS1";
/**
* RSA PKCS#1 v2.1 Probabilistic Signature Scheme (PSS) padding.
*/
public static final String RSA_PSS = "PSS";
/**
* @hide
*/
static int toKeymaster(@NonNull @SignaturePaddingEnum String padding) {
switch (padding.toUpperCase(Locale.US)) {
case RSA_PKCS1:
case SIGNATURE_PADDING_RSA_PKCS1:
return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN;
case RSA_PSS:
case SIGNATURE_PADDING_RSA_PSS:
return KeymasterDefs.KM_PAD_RSA_PSS;
default:
throw new IllegalArgumentException(
@@ -498,24 +433,18 @@ public abstract class KeyStoreKeyProperties {
}
}
/**
* @hide
*/
@NonNull
static @SignaturePaddingEnum String fromKeymaster(int padding) {
switch (padding) {
case KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN:
return RSA_PKCS1;
return SIGNATURE_PADDING_RSA_PKCS1;
case KeymasterDefs.KM_PAD_RSA_PSS:
return RSA_PSS;
return SIGNATURE_PADDING_RSA_PSS;
default:
throw new IllegalArgumentException("Unsupported signature padding: " + padding);
}
}
/**
* @hide
*/
@NonNull
static int[] allToKeymaster(@Nullable @SignaturePaddingEnum String[] paddings) {
if ((paddings == null) || (paddings.length == 0)) {
@@ -534,110 +463,97 @@ public abstract class KeyStoreKeyProperties {
*/
@Retention(RetentionPolicy.SOURCE)
@StringDef({
Digest.NONE,
Digest.MD5,
Digest.SHA1,
Digest.SHA224,
Digest.SHA256,
Digest.SHA384,
Digest.SHA512,
DIGEST_NONE,
DIGEST_MD5,
DIGEST_SHA1,
DIGEST_SHA224,
DIGEST_SHA256,
DIGEST_SHA384,
DIGEST_SHA512,
})
public @interface DigestEnum {}
/**
* Digests that can be used with a key when signing or generating Message Authentication
* Codes (MACs).
* No digest: sign/authenticate the raw message.
*/
public static abstract class Digest {
public static final String DIGEST_NONE = "NONE";
/**
* MD5 digest.
*/
public static final String DIGEST_MD5 = "MD5";
/**
* SHA-1 digest.
*/
public static final String DIGEST_SHA1 = "SHA-1";
/**
* SHA-2 224 (aka SHA-224) digest.
*/
public static final String DIGEST_SHA224 = "SHA-224";
/**
* SHA-2 256 (aka SHA-256) digest.
*/
public static final String DIGEST_SHA256 = "SHA-256";
/**
* SHA-2 384 (aka SHA-384) digest.
*/
public static final String DIGEST_SHA384 = "SHA-384";
/**
* SHA-2 512 (aka SHA-512) digest.
*/
public static final String DIGEST_SHA512 = "SHA-512";
static abstract class Digest {
private Digest() {}
/**
* No digest: sign/authenticate the raw message.
*/
public static final String NONE = "NONE";
/**
* MD5 digest.
*/
public static final String MD5 = "MD5";
/**
* SHA-1 digest.
*/
public static final String SHA1 = "SHA-1";
/**
* SHA-2 224 (aka SHA-224) digest.
*/
public static final String SHA224 = "SHA-224";
/**
* SHA-2 256 (aka SHA-256) digest.
*/
public static final String SHA256 = "SHA-256";
/**
* SHA-2 384 (aka SHA-384) digest.
*/
public static final String SHA384 = "SHA-384";
/**
* SHA-2 512 (aka SHA-512) digest.
*/
public static final String SHA512 = "SHA-512";
/**
* @hide
*/
static int toKeymaster(@NonNull @DigestEnum String digest) {
switch (digest.toUpperCase(Locale.US)) {
case SHA1:
case DIGEST_SHA1:
return KeymasterDefs.KM_DIGEST_SHA1;
case SHA224:
case DIGEST_SHA224:
return KeymasterDefs.KM_DIGEST_SHA_2_224;
case SHA256:
case DIGEST_SHA256:
return KeymasterDefs.KM_DIGEST_SHA_2_256;
case SHA384:
case DIGEST_SHA384:
return KeymasterDefs.KM_DIGEST_SHA_2_384;
case SHA512:
case DIGEST_SHA512:
return KeymasterDefs.KM_DIGEST_SHA_2_512;
case NONE:
case DIGEST_NONE:
return KeymasterDefs.KM_DIGEST_NONE;
case MD5:
case DIGEST_MD5:
return KeymasterDefs.KM_DIGEST_MD5;
default:
throw new IllegalArgumentException("Unsupported digest algorithm: " + digest);
}
}
/**
* @hide
*/
@NonNull
static @DigestEnum String fromKeymaster(int digest) {
switch (digest) {
case KeymasterDefs.KM_DIGEST_NONE:
return NONE;
return DIGEST_NONE;
case KeymasterDefs.KM_DIGEST_MD5:
return MD5;
return DIGEST_MD5;
case KeymasterDefs.KM_DIGEST_SHA1:
return SHA1;
return DIGEST_SHA1;
case KeymasterDefs.KM_DIGEST_SHA_2_224:
return SHA224;
return DIGEST_SHA224;
case KeymasterDefs.KM_DIGEST_SHA_2_256:
return SHA256;
return DIGEST_SHA256;
case KeymasterDefs.KM_DIGEST_SHA_2_384:
return SHA384;
return DIGEST_SHA384;
case KeymasterDefs.KM_DIGEST_SHA_2_512:
return SHA512;
return DIGEST_SHA512;
default:
throw new IllegalArgumentException("Unsupported digest algorithm: " + digest);
}
}
/**
* @hide
*/
@NonNull
static @DigestEnum String[] allFromKeymaster(@NonNull Collection<Integer> digests) {
if (digests.isEmpty()) {
@@ -652,9 +568,6 @@ public abstract class KeyStoreKeyProperties {
return result;
}
/**
* @hide
*/
@NonNull
static int[] allToKeymaster(@Nullable @DigestEnum String[] digests) {
if ((digests == null) || (digests.length == 0)) {
@@ -674,38 +587,36 @@ public abstract class KeyStoreKeyProperties {
* @hide
*/
@Retention(RetentionPolicy.SOURCE)
@IntDef({Origin.GENERATED, Origin.IMPORTED, Origin.UNKNOWN})
@IntDef({
ORIGIN_GENERATED,
ORIGIN_IMPORTED,
ORIGIN_UNKNOWN,
})
public @interface OriginEnum {}
/** Key was generated inside AndroidKeyStore. */
public static final int ORIGIN_GENERATED = 1 << 0;
/** Key was imported into AndroidKeyStore. */
public static final int ORIGIN_IMPORTED = 1 << 1;
/**
* Origin of the key.
* Origin of the key is unknown. This can occur only for keys backed by an old TEE-backed
* implementation which does not record origin information.
*/
public static abstract class Origin {
public static final int ORIGIN_UNKNOWN = 1 << 2;
static abstract class Origin {
private Origin() {}
/** Key was generated inside AndroidKeyStore. */
public static final int GENERATED = 1 << 0;
/** Key was imported into AndroidKeyStore. */
public static final int IMPORTED = 1 << 1;
/**
* Origin of the key is unknown. This can occur only for keys backed by an old TEE-backed
* implementation which does not record origin information.
*/
public static final int UNKNOWN = 1 << 2;
/**
* @hide
*/
public static @OriginEnum int fromKeymaster(int origin) {
static @OriginEnum int fromKeymaster(int origin) {
switch (origin) {
case KeymasterDefs.KM_ORIGIN_GENERATED:
return GENERATED;
return ORIGIN_GENERATED;
case KeymasterDefs.KM_ORIGIN_IMPORTED:
return IMPORTED;
return ORIGIN_IMPORTED;
case KeymasterDefs.KM_ORIGIN_UNKNOWN:
return UNKNOWN;
return ORIGIN_UNKNOWN;
default:
throw new IllegalArgumentException("Unknown origin: " + origin);
}
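Review bot: Flattening puts `BLOCK_MODE_ECB`, `DIGEST_MD5`, `DIGEST_SHA1`, `ENCRYPTION_PADDING_NONE` and `ENCRYPTION_PADDING_RSA_PKCS1` directly on `KeyStoreKeyProperties` next to the stronger options, and their Javadoc only names the primitive (`/** Electronic Codebook (ECB) block mode. */`, `MD5 digest.`). These constants are what callers pass to the key authorization setters, so each should carry a one-line caveat, for example `/** Electronic Codebook (ECB) block mode. Not IND-CPA secure: identical plaintext blocks produce identical ciphertext blocks. */` and `/** MD5 digest. Collision-prone; intended for interoperability with legacy protocols only. */`. The same applies to the SHA-1 digest and the RSA PKCS#1 v1.5 encryption padding constants. The last hunk ends inside `Origin.fromKeymaster`, whose closing lines are outside it.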


@@ -135,7 +135,7 @@ public class KeyStoreKeySpec implements KeySpec {
}
/**
* Gets the origin of the key.
* Gets the origin of the key. See {@link KeyStoreKeyProperties}.{@code ORIGIN} constants.
*/
public @KeyStoreKeyProperties.OriginEnum int getOrigin() {
return mOrigin;
@@ -179,19 +179,21 @@ public class KeyStoreKeySpec implements KeySpec {
}
/**
* Gets the set of purposes (e.g., {@code ENCRYPT}, {@code DECRYPT}, {@code SIGN}) for which the
* key can be used.
* Gets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
* Attempts to use the key for any other purpose will be rejected.
*
* @see KeyStoreKeyProperties.Purpose
* <p>See {@link KeyStoreKeyProperties}.{@code PURPOSE} flags.
*/
public @KeyStoreKeyProperties.PurposeEnum int getPurposes() {
return mPurposes;
}
/**
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used.
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used
* when encrypting/decrypting. Attempts to use the key with any other block modes will be
* rejected.
*
* @see KeyStoreKeyProperties.BlockMode
* <p>See {@link KeyStoreKeyProperties}.{@code BLOCK_MODE} constants.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
@@ -199,10 +201,11 @@ public class KeyStoreKeySpec implements KeySpec {
}
/**
* Gets the set of padding schemes (e.g., {@code PKCS7Padding}, {@code NoPadding}) with which
* the key can be used when encrypting/decrypting.
* Gets the set of padding schemes (e.g., {@code PKCS7Padding}, {@code PKCS1Padding},
* {@code NoPadding}) with which the key can be used when encrypting/decrypting. Attempts to use
* the key with any other padding scheme will be rejected.
*
* @see KeyStoreKeyProperties.EncryptionPadding
* <p>See {@link KeyStoreKeyProperties}.{@code ENCRYPTION_PADDING} constants.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
@@ -210,10 +213,11 @@ public class KeyStoreKeySpec implements KeySpec {
}
/**
* Gets the set of padding schemes (e.g., {@code PSS}) with which the key can be used when
* signing/verifying.
* Gets the set of padding schemes (e.g., {@code PSS}, {@code PKCS#1}) with which the key
* can be used when signing/verifying. Attempts to use the key with any other padding scheme
* will be rejected.
*
* @see KeyStoreKeyProperties.SignaturePadding
* <p>See {@link KeyStoreKeyProperties}.{@code SIGNATURE_PADDING} constants.
*/
@NonNull
public @KeyStoreKeyProperties.SignaturePaddingEnum String[] getSignaturePaddings() {
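Review bot: The new Javadoc for `getSignaturePaddings()` gives `{@code PKCS#1}` as an example value, but the constant defined in `KeyStoreKeyProperties` is `SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1"`, and `SignaturePadding.toKeymaster` throws `IllegalArgumentException` for anything other than `PKCS1` or `PSS`. A literal in code font should be a string the API really uses, so I would write `(e.g., {@code PSS}, {@code PKCS1})` or link the constant with `{@link KeyStoreKeyProperties#SIGNATURE_PADDING_RSA_PKCS1}`. The same example text appears in the `KeyStoreParameter` Javadoc for `getSignaturePaddings()` and `setSignaturePaddings(...)`. Replacing the `@see` tags with `{@link KeyStoreKeyProperties}.{@code SIGNATURE_PADDING}` prose also leaves no resolvable link to any individual constant.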


@@ -62,11 +62,11 @@ import javax.crypto.Cipher;
* "key1",
* new KeyStore.SecretKeyEntry(key),
* new KeyStoreParameter.Builder(context)
* .setPurposes(KeyStoreKeyProperties.Purpose.ENCRYPT
* | KeyStoreKeyProperties.Purpose.DECRYPT)
* .setBlockMode(KeyStoreKeyProperties.BlockMode.CBC)
* .setPurposes(KeyStoreKeyProperties.PURPOSE_ENCRYPT
* | KeyStoreKeyProperties.PURPOSE_DECRYPT)
* .setBlockMode(KeyStoreKeyProperties.BLOCK_MODE_CBC)
* .setEncryptionPaddings(
* KeyStoreKeyProperties.EncryptionPaddings.PKCS7)
* KeyStoreKeyProperties.ENCRYPTION_PADDING_PKCS7)
* .build());
* // Key imported, obtain a reference to it.
* SecretKey keyStoreKey = (SecretKey) keyStore.getKey("key1", null);
@@ -90,8 +90,8 @@ import javax.crypto.Cipher;
* "key2",
* new KeyStore.PrivateKeyEntry(privateKey, certChain),
* new KeyStoreParameter.Builder(context)
* .setPurposes(KeyStoreKeyProperties.Purpose.SIGN)
* .setDigests(KeyStoreKeyProperties.Digest.SHA256)
* .setPurposes(KeyStoreKeyProperties.PURPOSE_SIGN)
* .setDigests(KeyStoreKeyProperties.DIGEST_SHA256)
* // Only permit this key to be used if the user
* // authenticated within the last ten minutes.
* .setUserAuthenticationRequired(true)
@@ -211,20 +211,21 @@ public final class KeyStoreParameter implements ProtectionParameter {
}
/**
* Gets the set of purposes (e.g., {@code ENCRYPT}, {@code DECRYPT}, {@code SIGN}) for which the
* key can be used.
* Gets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
* Attempts to use the key for any other purpose will be rejected.
*
* @see KeyStoreKeyProperties.Purpose
* <p>See {@link KeyStoreKeyProperties}.{@code PURPOSE} flags.
*/
public @KeyStoreKeyProperties.PurposeEnum int getPurposes() {
return mPurposes;
}
/**
* Gets the set of padding schemes (e.g., {@code PKCS7Padding}, {@code NoPadding}) with which
* the key can be used when encrypting/decrypting.
* Gets the set of padding schemes (e.g., {@code PKCS7Padding}, {@code PKCS1Padding},
* {@code NoPadding}) with which the key can be used when encrypting/decrypting. Attempts to use
* the key with any other padding scheme will be rejected.
*
* @see KeyStoreKeyProperties.EncryptionPadding
* <p>See {@link KeyStoreKeyProperties}.{@code ENCRYPTION_PADDING} constants.
*/
@NonNull
public @KeyStoreKeyProperties.EncryptionPaddingEnum String[] getEncryptionPaddings() {
@@ -232,10 +233,11 @@ public final class KeyStoreParameter implements ProtectionParameter {
}
/**
* Gets the set of padding schemes (e.g., {@code PSS}) with which the key can be used when
* signing or verifying signatures.
* Gets the set of padding schemes (e.g., {@code PSS}, {@code PKCS#1}) with which the key
* can be used when signing/verifying. Attempts to use the key with any other padding scheme
* will be rejected.
*
* @see KeyStoreKeyProperties.SignaturePadding
* <p>See {@link KeyStoreKeyProperties}.{@code SIGNATURE_PADDING} constants.
*/
@NonNull
public @KeyStoreKeyProperties.SignaturePaddingEnum String[] getSignaturePaddings() {
@@ -271,9 +273,11 @@ public final class KeyStoreParameter implements ProtectionParameter {
}
/**
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used.
* Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used
* when encrypting/decrypting. Attempts to use the key with any other block modes will be
* rejected.
*
* @see KeyStoreKeyProperties.BlockMode
* <p>See {@link KeyStoreKeyProperties}.{@code BLOCK_MODE} constants.
*/
@NonNull
public @KeyStoreKeyProperties.BlockModeEnum String[] getBlockModes() {
@@ -388,7 +392,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see #setKeyValidityEnd(Date)
*/
@@ -403,7 +407,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see #setKeyValidityStart(Date)
* @see #setKeyValidityForConsumptionEnd(Date)
@@ -421,7 +425,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see #setKeyValidityForConsumptionEnd(Date)
*/
@@ -437,7 +441,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see #setKeyValidityForOriginationEnd(Date)
*/
@@ -448,14 +452,14 @@ public final class KeyStoreParameter implements ProtectionParameter {
}
/**
* Sets the set of purposes (e.g., {@code ENCRYPT}, {@code DECRYPT}, {@code SIGN}) for which
* the key can be used.
* Sets the set of purposes (e.g., encrypt, decrypt, sign) for which the key can be used.
* Attempts to use the key for any other purpose will be rejected.
*
* <p>This must be specified for all keys. There is no default.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see KeyStoreKeyProperties.Purpose
* <p>See {@link KeyStoreKeyProperties}.{@code PURPOSE} flags.
*/
@NonNull
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
@@ -464,15 +468,15 @@ public final class KeyStoreParameter implements ProtectionParameter {
}
/**
* Sets the set of padding schemes (e.g., {@code PKCS7Padding}, {@code NoPadding}) with
* which the key can be used when encrypting/decrypting. Attempts to use the key with any
* other padding scheme will be rejected.
* Sets the set of padding schemes (e.g., {@code OAEPPadding}, {@code PKCS7Padding},
* {@code NoPadding}) with which the key can be used when encrypting/decrypting. Attempts to
* use the key with any other padding scheme will be rejected.
*
* <p>This must be specified for keys which are used for encryption/decryption.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see KeyStoreKeyProperties.EncryptionPadding
* <p>See {@link KeyStoreKeyProperties}.{@code ENCRYPTION_PADDING} constants.
*/
@NonNull
public Builder setEncryptionPaddings(
@@ -482,15 +486,15 @@ public final class KeyStoreParameter implements ProtectionParameter {
}
/**
* Sets the set of padding schemes (e.g., {@code PSS}) with which the key can be used when
* signing/verifying. Attempts to use the key with any other padding scheme will be
* rejected.
* Sets the set of padding schemes (e.g., {@code PSS}, {@code PKCS#1}) with which the key
* can be used when signing/verifying. Attempts to use the key with any other padding scheme
* will be rejected.
*
* <p>This must be specified for RSA keys which are used for signing/verification.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see KeyStoreKeyProperties.SignaturePadding
* <p>See {@link KeyStoreKeyProperties}.{@code SIGNATURE_PADDING} constants.
*/
@NonNull
public Builder setSignaturePaddings(
@@ -509,7 +513,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
* {@link Key#getAlgorithm()}. For asymmetric signing keys the set of digest algorithms
* must be specified.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see KeyStoreKeyProperties.Digest
*/
@@ -520,15 +524,15 @@ public final class KeyStoreParameter implements ProtectionParameter {
}
/**
* Sets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be
* used when encrypting/decrypting. Attempts to use the key with any other block modes will
* be rejected.
* Sets the set of block modes (e.g., {@code CBC}, {@code CTR}, {@code ECB}) with which the
* key can be used when encrypting/decrypting. Attempts to use the key with any other block
* modes will be rejected.
*
* <p>This must be specified for encryption/decryption keys.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see KeyStoreKeyProperties.BlockMode
* <p>See {@link KeyStoreKeyProperties}.{@code BLOCK_MODE} constants.
*/
@NonNull
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
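Review bot: The example list in the setBlockModes Javadoc names `ECB` beside `CBC` and `CTR` with no hint that ECB is deterministic, so identical plaintext blocks encrypt to identical ciphertext blocks under the same key. I am assuming the second of each doubled line is the new text, since the `+`/`-` column is lost on this page. I would either use `GCM` as the third example, which is among the block-mode constants in the API listing earlier on this page, or add one sentence such as `<p>{@code ECB} does not provide {@code IND-CPA}; see {@link #setRandomizedEncryptionRequired(boolean)}.`. The method body is outside the hunk.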
@@ -570,7 +574,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
* schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.</li>
* </ul>
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*/
@NonNull
public Builder setRandomizedEncryptionRequired(boolean required) {
@@ -591,7 +595,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
* <a href="{@docRoot}training/articles/keystore.html#UserAuthentication">More
* information</a>.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
@@ -607,7 +611,7 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the user needs to authenticate for every use of the key.
*
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.
* <p><b>NOTE: This has currently no effect on asymmetric key pairs.</b>
*
* @param seconds duration in seconds or {@code -1} if the user needs to authenticate for
* every use of the key.