Merge changes Ib3c9affb,I1dbe3d02,I88681f21
* changes:
Keystore 2.0 SPI: Adding the keystore AIDL interface to frameworks
Keystore 2.0: KeyProperties SignaturePadding is now public but hidden
Keystore SPI: Add SecurityLevelEnum to KeyProperties
diff --git a/Android.bp b/Android.bp
index 9c33106..8c8b29b 100644
--- a/Android.bp
+++ b/Android.bp
@@ -480,6 +480,7 @@
"android.hardware.vibrator-V1.1-java",
"android.hardware.vibrator-V1.2-java",
"android.hardware.vibrator-V1.3-java",
+ "android.system.keystore2-java",
"devicepolicyprotosnano",
"com.android.sysprop.apex",
diff --git a/api/current.txt b/api/current.txt
index ee3f81e..5d46a68 100644
--- a/api/current.txt
+++ b/api/current.txt
@@ -42880,6 +42880,11 @@
field public static final int PURPOSE_SIGN = 4; // 0x4
field public static final int PURPOSE_VERIFY = 8; // 0x8
field public static final int PURPOSE_WRAP_KEY = 32; // 0x20
+ field public static final int SECURITY_LEVEL_SOFTWARE = 0; // 0x0
+ field public static final int SECURITY_LEVEL_STRONGBOX = 2; // 0x2
+ field public static final int SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1; // 0x1
+ field public static final int SECURITY_LEVEL_UNKNOWN = -2; // 0xfffffffe
+ field public static final int SECURITY_LEVEL_UNKNOWN_SECURE = -1; // 0xffffffff
field public static final String SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1";
field public static final String SIGNATURE_PADDING_RSA_PSS = "PSS";
}
diff --git a/core/api/current.txt b/core/api/current.txt
index 23ddda6..b3561a3 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -41048,6 +41048,11 @@
field public static final int PURPOSE_SIGN = 4; // 0x4
field public static final int PURPOSE_VERIFY = 8; // 0x8
field public static final int PURPOSE_WRAP_KEY = 32; // 0x20
+ field public static final int SECURITY_LEVEL_SOFTWARE = 0; // 0x0
+ field public static final int SECURITY_LEVEL_STRONGBOX = 2; // 0x2
+ field public static final int SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1; // 0x1
+ field public static final int SECURITY_LEVEL_UNKNOWN = -2; // 0xfffffffe
+ field public static final int SECURITY_LEVEL_UNKNOWN_SECURE = -1; // 0xffffffff
field public static final String SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1";
field public static final String SIGNATURE_PADDING_RSA_PSS = "PSS";
}
diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java
index f08756a..e32ffa6 100644
--- a/core/java/android/security/keymaster/KeymasterDefs.java
+++ b/core/java/android/security/keymaster/KeymasterDefs.java
@@ -157,6 +157,11 @@
public static final int HW_AUTH_PASSWORD = 1 << 0;
public static final int HW_AUTH_BIOMETRIC = 1 << 1;
+ // Security Levels.
+ public static final int KM_SECURITY_LEVEL_SOFTWARE = 0;
+ public static final int KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1;
+ public static final int KM_SECURITY_LEVEL_STRONGBOX = 2;
+
// Error codes.
public static final int KM_ERROR_OK = 0;
public static final int KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1;
diff --git a/keystore/java/android/security/keystore/KeyProperties.java b/keystore/java/android/security/keystore/KeyProperties.java
index c58a123..9050c69 100644
--- a/keystore/java/android/security/keystore/KeyProperties.java
+++ b/keystore/java/android/security/keystore/KeyProperties.java
@@ -496,10 +496,16 @@
*/
public static final String SIGNATURE_PADDING_RSA_PSS = "PSS";
- static abstract class SignaturePadding {
+ /**
+ * @hide
+ */
+ public abstract static class SignaturePadding {
private SignaturePadding() {}
- static int toKeymaster(@NonNull @SignaturePaddingEnum String padding) {
+ /**
+ * @hide
+ */
+ public static int toKeymaster(@NonNull @SignaturePaddingEnum String padding) {
switch (padding.toUpperCase(Locale.US)) {
case SIGNATURE_PADDING_RSA_PKCS1:
return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN;
@@ -512,7 +518,7 @@
}
@NonNull
- static @SignaturePaddingEnum String fromKeymaster(int padding) {
+ public static @SignaturePaddingEnum String fromKeymaster(int padding) {
switch (padding) {
case KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN:
return SIGNATURE_PADDING_RSA_PKCS1;
@@ -524,7 +530,7 @@
}
@NonNull
- static int[] allToKeymaster(@Nullable @SignaturePaddingEnum String[] paddings) {
+ public static int[] allToKeymaster(@Nullable @SignaturePaddingEnum String[] paddings) {
if ((paddings == null) || (paddings.length == 0)) {
return EmptyArray.INT;
}
@@ -771,4 +777,84 @@
}
return result;
}
+
+ /**
+ * @hide
+ */
+ @Retention(RetentionPolicy.SOURCE)
+ @IntDef(prefix = { "SECURITY_LEVEL_" }, value = {
+ SECURITY_LEVEL_UNKNOWN,
+ SECURITY_LEVEL_UNKNOWN_SECURE,
+ SECURITY_LEVEL_SOFTWARE,
+ SECURITY_LEVEL_TRUSTED_ENVIRONMENT,
+ SECURITY_LEVEL_STRONGBOX,
+ })
+ public @interface SecurityLevelEnum {}
+
+ /**
+ * This security level indicates that no assumptions can be made about the security level of the
+ * respective key.
+ */
+ public static final int SECURITY_LEVEL_UNKNOWN = -2;
+ /**
+ * This security level indicates that due to the target API level of the caller no exact
+ * statement can be made about the security level of the key, however, the security level
+ * can be considered is at least equivalent to {@link #SECURITY_LEVEL_TRUSTED_ENVIRONMENT}.
+ */
+ public static final int SECURITY_LEVEL_UNKNOWN_SECURE = -1;
+
+ /** Indicates enforcement by system software. */
+ public static final int SECURITY_LEVEL_SOFTWARE = 0;
+
+ /** Indicates enforcement by a trusted execution environment. */
+ public static final int SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1;
+
+ /**
+ * Indicates enforcement by environment meeting the Strongbox security profile,
+ * such as a secure element.
+ */
+ public static final int SECURITY_LEVEL_STRONGBOX = 2;
+
+ /**
+ * @hide
+ */
+ public abstract static class SecurityLevel {
+ private SecurityLevel() {}
+
+ /**
+ * @hide
+ */
+ public static int toKeymaster(int securityLevel) {
+ switch (securityLevel) {
+ case SECURITY_LEVEL_SOFTWARE:
+ return KeymasterDefs.KM_SECURITY_LEVEL_SOFTWARE;
+ case SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
+ return KeymasterDefs.KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
+ case SECURITY_LEVEL_STRONGBOX:
+ return KeymasterDefs.KM_SECURITY_LEVEL_STRONGBOX;
+ default:
+ throw new IllegalArgumentException("Unsupported security level: "
+ + securityLevel);
+ }
+ }
+
+ /**
+ * @hide
+ */
+ @NonNull
+ public static int fromKeymaster(int securityLevel) {
+ switch (securityLevel) {
+ case KeymasterDefs.KM_SECURITY_LEVEL_SOFTWARE:
+ return SECURITY_LEVEL_SOFTWARE;
+ case KeymasterDefs.KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
+ return SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
+ case KeymasterDefs.KM_SECURITY_LEVEL_STRONGBOX:
+ return SECURITY_LEVEL_STRONGBOX;
+ default:
+ throw new IllegalArgumentException("Unsupported security level: "
+ + securityLevel);
+ }
+ }
+ }
+
}