am 04a99c7b: am 82cba6aa: am c6eb6288: Merge "Split key origin into TEE/not and generated/imported."

* commit '04a99c7b4435598e4f9d53fadbe5faca4ad7ebdc': Split key origin into TEE/not and generated/imported.
author: Alex Klyubin <klyubin@google.com> 2015-04-10 04:33:48 +0000
committer: Android Git Automerger <android-git-automerger@android.com> 2015-04-10 04:33:48 +0000
commit: 2c5eaa0157f20b591b4c5f998d81021719b2e261 (patch)
tree: 626e59aa1f12ba0959050fe599f72918c2dde0b3
parent: 7819e443b0b571dc0b44d4cfd2f521d68370530a (diff)
parent: 04a99c7b4435598e4f9d53fadbe5faca4ad7ebdc (diff)
download: frameworks_base-2c5eaa0157f20b591b4c5f998d81021719b2e261.zip
frameworks_base-2c5eaa0157f20b591b4c5f998d81021719b2e261.tar.gz
frameworks_base-2c5eaa0157f20b591b4c5f998d81021719b2e261.tar.bz2
3 files changed, 29 insertions, 15 deletions
diff --git a/keystore/java/android/security/KeyStoreKeyCharacteristics.java b/keystore/java/android/security/KeyStoreKeyCharacteristics.java
index 543b5d8..1f5d400 100644
--- a/keystore/java/android/security/KeyStoreKeyCharacteristics.java
+++ b/keystore/java/android/security/KeyStoreKeyCharacteristics.java
@@ -31,7 +31,7 @@ public abstract class KeyStoreKeyCharacteristics {
     private KeyStoreKeyCharacteristics() {}
 
     @Retention(RetentionPolicy.SOURCE)
-    @IntDef({Origin.GENERATED_INSIDE_TEE, Origin.GENERATED_OUTSIDE_OF_TEE, Origin.IMPORTED})
+    @IntDef({Origin.GENERATED, Origin.IMPORTED})
     public @interface OriginEnum {}
 
     /**
@@ -40,14 +40,11 @@ public abstract class KeyStoreKeyCharacteristics {
     public static abstract class Origin {
         private Origin() {}
 
-        /** Key was generated inside a TEE. */
-        public static final int GENERATED_INSIDE_TEE = 1;
+        /** Key was generated inside AndroidKeyStore. */
+        public static final int GENERATED = 1 << 0;
 
-        /** Key was generated outside of a TEE. */
-        public static final int GENERATED_OUTSIDE_OF_TEE = 2;
-
-        /** Key was imported. */
-        public static final int IMPORTED = 0;
+        /** Key was imported into AndroidKeyStore. */
+        public static final int IMPORTED = 1 << 1;
 
         /**
          * @hide
@@ -55,9 +52,7 @@ public abstract class KeyStoreKeyCharacteristics {
         public static @OriginEnum int fromKeymaster(int origin) {
             switch (origin) {
                 case KeymasterDefs.KM_ORIGIN_HARDWARE:
-                    return GENERATED_INSIDE_TEE;
-                case KeymasterDefs.KM_ORIGIN_SOFTWARE:
-                    return GENERATED_OUTSIDE_OF_TEE;
+                    return GENERATED;
                 case KeymasterDefs.KM_ORIGIN_IMPORTED:
                     return IMPORTED;
                 default:
diff --git a/keystore/java/android/security/KeyStoreKeySpec.java b/keystore/java/android/security/KeyStoreKeySpec.java
index 256d9b3..65bb236 100644
--- a/keystore/java/android/security/KeyStoreKeySpec.java
+++ b/keystore/java/android/security/KeyStoreKeySpec.java
@@ -28,6 +28,7 @@ import java.util.Date;
 public class KeyStoreKeySpec implements KeySpec {
     private final String mKeystoreAlias;
     private final int mKeySize;
+    private final boolean mTeeBacked;
     private final @KeyStoreKeyCharacteristics.OriginEnum int mOrigin;
     private final Date mKeyValidityStart;
     private final Date mKeyValidityForOriginationEnd;
@@ -46,6 +47,7 @@ public class KeyStoreKeySpec implements KeySpec {
      * @hide
      */
     KeyStoreKeySpec(String keystoreKeyAlias,
+            boolean teeBacked,
             @KeyStoreKeyCharacteristics.OriginEnum int origin,
             int keySize,
             Date keyValidityStart,
@@ -61,6 +63,7 @@ public class KeyStoreKeySpec implements KeySpec {
             int userAuthenticationValidityDurationSeconds,
             boolean invalidatedOnNewFingerprintEnrolled) {
         mKeystoreAlias = keystoreKeyAlias;
+        mTeeBacked = teeBacked;
         mOrigin = origin;
         mKeySize = keySize;
         mKeyValidityStart = keyValidityStart;
@@ -85,6 +88,14 @@ public class KeyStoreKeySpec implements KeySpec {
     }
 
     /**
+     * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available
+     * in plaintext only inside the TEE.
+     */
+    public boolean isTeeBacked() {
+        return mTeeBacked;
+    }
+
+    /**
      * Gets the origin of the key.
      */
     public @KeyStoreKeyCharacteristics.OriginEnum int getOrigin() {
diff --git a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
index 8bf228a..a5e87d1 100644
--- a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
+++ b/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
@@ -70,7 +70,8 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                     + " Keystore error: " + errorCode);
         }
 
-        @KeyStoreKeyCharacteristics.OriginEnum Integer origin;
+        boolean teeBacked;
+        @KeyStoreKeyCharacteristics.OriginEnum int origin;
         int keySize;
         @KeyStoreKeyConstraints.PurposeEnum int purposes;
         @KeyStoreKeyConstraints.AlgorithmEnum int algorithm;
@@ -80,11 +81,17 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
         @KeyStoreKeyConstraints.UserAuthenticatorEnum int userAuthenticators;
         @KeyStoreKeyConstraints.UserAuthenticatorEnum int teeEnforcedUserAuthenticators;
         try {
-            origin = KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_ORIGIN);
-            if (origin == null) {
+            if (keyCharacteristics.hwEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) {
+                teeBacked = true;
+                origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster(
+                        keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1));
+            } else if (keyCharacteristics.swEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) {
+                teeBacked = false;
+                origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster(
+                        keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1));
+            } else {
                 throw new InvalidKeySpecException("Key origin not available");
             }
-            origin = KeyStoreKeyCharacteristics.Origin.fromKeymaster(origin);
             Integer keySizeInteger =
                     KeymasterUtils.getInt(keyCharacteristics, KeymasterDefs.KM_TAG_KEY_SIZE);
             if (keySizeInteger == null) {
@@ -147,6 +154,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
         boolean invalidatedOnNewFingerprintEnrolled = false;
 
         return new KeyStoreKeySpec(entryAlias,
+                teeBacked,
                 origin,
                 keySize,
                 keyValidityStart,
author	Alex Klyubin <klyubin@google.com>	2015-04-10 04:33:48 +0000
committer	Android Git Automerger <android-git-automerger@android.com>	2015-04-10 04:33:48 +0000
commit	2c5eaa0157f20b591b4c5f998d81021719b2e261 (patch)
tree	626e59aa1f12ba0959050fe599f72918c2dde0b3
parent	7819e443b0b571dc0b44d4cfd2f521d68370530a (diff)
parent	04a99c7b4435598e4f9d53fadbe5faca4ad7ebdc (diff)
download	frameworks_base-2c5eaa0157f20b591b4c5f998d81021719b2e261.zip frameworks_base-2c5eaa0157f20b591b4c5f998d81021719b2e261.tar.gz frameworks_base-2c5eaa0157f20b591b4c5f998d81021719b2e261.tar.bz2