Merge "Keystore 2.0: Remove hidden API from RecoverableKeystore" am: 5de808c5e2
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1624871
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: I9ccf99568c8238256addc02982a9b63757a7a22e
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformDecryptionKey.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformDecryptionKey.java
index 35571f1..e75aae1 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformDecryptionKey.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformDecryptionKey.java
@@ -16,7 +16,7 @@
package com.android.server.locksettings.recoverablekeystore;
-import android.security.keystore.AndroidKeyStoreSecretKey;
+import javax.crypto.SecretKey;
/**
* Used to unwrap recoverable keys before syncing them with remote storage.
@@ -30,7 +30,7 @@
public class PlatformDecryptionKey {
private final int mGenerationId;
- private final AndroidKeyStoreSecretKey mKey;
+ private final SecretKey mKey;
/**
* A new instance.
@@ -40,7 +40,7 @@
*
* @hide
*/
- public PlatformDecryptionKey(int generationId, AndroidKeyStoreSecretKey key) {
+ public PlatformDecryptionKey(int generationId, SecretKey key) {
mGenerationId = generationId;
mKey = key;
}
@@ -59,7 +59,7 @@
*
* @hide
*/
- public AndroidKeyStoreSecretKey getKey() {
+ public SecretKey getKey() {
return mKey;
}
}
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformEncryptionKey.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformEncryptionKey.java
index 38f5b45..ee33446 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformEncryptionKey.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformEncryptionKey.java
@@ -16,7 +16,7 @@
package com.android.server.locksettings.recoverablekeystore;
-import android.security.keystore.AndroidKeyStoreSecretKey;
+import javax.crypto.SecretKey;
/**
* Private key stored in AndroidKeyStore. Used to wrap recoverable keys before writing them to disk.
@@ -33,7 +33,7 @@
public class PlatformEncryptionKey {
private final int mGenerationId;
- private final AndroidKeyStoreSecretKey mKey;
+ private final SecretKey mKey;
/**
* A new instance.
@@ -41,7 +41,7 @@
* @param generationId The generation ID of the key.
* @param key The secret key handle. Can be used to encrypt WITHOUT requiring screen unlock.
*/
- public PlatformEncryptionKey(int generationId, AndroidKeyStoreSecretKey key) {
+ public PlatformEncryptionKey(int generationId, SecretKey key) {
mGenerationId = generationId;
mKey = key;
}
@@ -56,7 +56,7 @@
/**
* Returns the actual key, which can only be used to encrypt.
*/
- public AndroidKeyStoreSecretKey getKey() {
+ public SecretKey getKey() {
return mKey;
}
}
diff --git a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java
index 202dfe7..5e06205 100644
--- a/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java
+++ b/services/core/java/com/android/server/locksettings/recoverablekeystore/PlatformKeyManager.java
@@ -21,7 +21,6 @@
import android.os.RemoteException;
import android.os.UserHandle;
import android.security.GateKeeper;
-import android.security.keystore.AndroidKeyStoreSecretKey;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
@@ -237,7 +236,7 @@
if (!isKeyLoaded(userId, generationId)) {
throw new UnrecoverableKeyException("KeyStore doesn't contain key " + alias);
}
- AndroidKeyStoreSecretKey key = (AndroidKeyStoreSecretKey) mKeyStore.getKey(
+ SecretKey key = (SecretKey) mKeyStore.getKey(
alias, /*password=*/ null);
return new PlatformEncryptionKey(generationId, key);
}
@@ -289,7 +288,7 @@
if (!isKeyLoaded(userId, generationId)) {
throw new UnrecoverableKeyException("KeyStore doesn't contain key " + alias);
}
- AndroidKeyStoreSecretKey key = (AndroidKeyStoreSecretKey) mKeyStore.getKey(
+ SecretKey key = (SecretKey) mKeyStore.getKey(
alias, /*password=*/ null);
return new PlatformDecryptionKey(generationId, key);
}
diff --git a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/PlatformKeyManagerTest.java b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/PlatformKeyManagerTest.java
index 670bd81..fd4fe56 100644
--- a/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/PlatformKeyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/locksettings/recoverablekeystore/PlatformKeyManagerTest.java
@@ -34,7 +34,6 @@
import android.content.Context;
import android.os.RemoteException;
import android.security.GateKeeper;
-import android.security.keystore.AndroidKeyStoreSecretKey;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
@@ -61,6 +60,7 @@
import java.util.List;
import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
@SmallTest
@RunWith(AndroidJUnit4.class)
@@ -586,7 +586,7 @@
return (KeyProtection) mProtectionParameterCaptor.getValue();
}
- private AndroidKeyStoreSecretKey generateAndroidKeyStoreKey() throws Exception {
+ private SecretKey generateAndroidKeyStoreKey() throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance(
KEY_ALGORITHM,
ANDROID_KEY_STORE_PROVIDER);
@@ -595,7 +595,7 @@
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build());
- return (AndroidKeyStoreSecretKey) keyGenerator.generateKey();
+ return keyGenerator.generateKey();
}
class PlatformKeyManagerTestable extends PlatformKeyManager {