Replace "TEE" with "secure hardware".

This is to make the Android KeyStore API more generic.

Bug: 18088752
Change-Id: I18bcc96db4af17127e5dc038becc9deb85bb48aa

3 files changed, 23 insertions, 20 deletions

diff --git a/keystore/java/android/security/KeyStoreKeyProperties.java b/keystore/java/android/security/KeyStoreKeyProperties.java
index 1c3e300..1cf6a7a 100644
--- a/keystore/java/android/security/KeyStoreKeyProperties.java
+++ b/keystore/java/android/security/KeyStoreKeyProperties.java
@@ -656,7 +656,7 @@ public abstract class KeyStoreKeyProperties {
         public static final int IMPORTED = 1 << 1;
 
         /**
-         * Origin of the key is unknown. This can occur only for keys backed by an old TEE
+         * Origin of the key is unknown. This can occur only for keys backed by an old TEE-backed
          * implementation which does not record origin information.
          */
         public static final int UNKNOWN = 1 << 2;
diff --git a/keystore/java/android/security/KeyStoreKeySpec.java b/keystore/java/android/security/KeyStoreKeySpec.java
index 7533bdc..a630a0a 100644
--- a/keystore/java/android/security/KeyStoreKeySpec.java
+++ b/keystore/java/android/security/KeyStoreKeySpec.java
@@ -26,7 +26,7 @@ import java.util.Date;
 public class KeyStoreKeySpec implements KeySpec {
     private final String mKeystoreAlias;
     private final int mKeySize;
-    private final boolean mTeeBacked;
+    private final boolean mInsideSecureHardware;
     private final @KeyStoreKeyProperties.OriginEnum int mOrigin;
     private final Date mKeyValidityStart;
     private final Date mKeyValidityForOriginationEnd;
@@ -38,13 +38,13 @@ public class KeyStoreKeySpec implements KeySpec {
     private final @KeyStoreKeyProperties.BlockModeEnum String[] mBlockModes;
     private final boolean mUserAuthenticationRequired;
     private final int mUserAuthenticationValidityDurationSeconds;
-    private final boolean mUserAuthenticationRequirementTeeEnforced;
+    private final boolean mUserAuthenticationRequirementEnforcedBySecureHardware;
 
     /**
      * @hide
      */
     KeyStoreKeySpec(String keystoreKeyAlias,
-            boolean teeBacked,
+            boolean insideSecureHardware,
             @KeyStoreKeyProperties.OriginEnum int origin,
             int keySize,
             Date keyValidityStart,
@@ -57,9 +57,9 @@ public class KeyStoreKeySpec implements KeySpec {
             @KeyStoreKeyProperties.BlockModeEnum String[] blockModes,
             boolean userAuthenticationRequired,
             int userAuthenticationValidityDurationSeconds,
-            boolean userAuthenticationRequirementTeeEnforced) {
+            boolean userAuthenticationRequirementEnforcedBySecureHardware) {
         mKeystoreAlias = keystoreKeyAlias;
-        mTeeBacked = teeBacked;
+        mInsideSecureHardware = insideSecureHardware;
         mOrigin = origin;
         mKeySize = keySize;
         mKeyValidityStart = keyValidityStart;
@@ -74,7 +74,8 @@ public class KeyStoreKeySpec implements KeySpec {
         mBlockModes = ArrayUtils.cloneIfNotEmpty(ArrayUtils.nullToEmpty(blockModes));
         mUserAuthenticationRequired = userAuthenticationRequired;
         mUserAuthenticationValidityDurationSeconds = userAuthenticationValidityDurationSeconds;
-        mUserAuthenticationRequirementTeeEnforced = userAuthenticationRequirementTeeEnforced;
+        mUserAuthenticationRequirementEnforcedBySecureHardware =
+                userAuthenticationRequirementEnforcedBySecureHardware;
     }
 
     /**
@@ -85,11 +86,12 @@ public class KeyStoreKeySpec implements KeySpec {
     }
 
     /**
-     * Returns {@code true} if the key is TEE-backed. Key material of TEE-backed keys is available
-     * in plaintext only inside the TEE.
+     * Returns {@code true} if the key resides inside secure hardware (e.g., Trusted Execution
+     * Environment (TEE) or Secure Element (SE)). Key material of such keys is available in
+     * plaintext only inside the secure hardware and is not exposed outside of it.
      */
-    public boolean isTeeBacked() {
-        return mTeeBacked;
+    public boolean isInsideSecureHardware() {
+        return mInsideSecureHardware;
     }
 
     /**
@@ -192,11 +194,12 @@ public class KeyStoreKeySpec implements KeySpec {
 
     /**
      * Returns {@code true} if the requirement that this key can only be used if the user has been
-     * authenticated if enforced by the TEE.
+     * authenticated if enforced by secure hardware (e.g., Trusted Execution Environment (TEE) or
+     * Secure Element (SE)).
      *
      * @see #isUserAuthenticationRequired()
      */
-    public boolean isUserAuthenticationRequirementTeeEnforced() {
-        return mUserAuthenticationRequirementTeeEnforced;
+    public boolean isUserAuthenticationRequirementEnforcedBySecureHardware() {
+        return mUserAuthenticationRequirementEnforcedBySecureHardware;
     }
 }
diff --git a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
index ff79b7a..548296b 100644
--- a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
+++ b/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java
@@ -74,7 +74,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                     + " Keystore error: " + errorCode);
         }
 
-        boolean teeBacked;
+        boolean insideSecureHardware;
         @KeyStoreKeyProperties.OriginEnum int origin;
         int keySize;
         @KeyStoreKeyProperties.PurposeEnum int purposes;
@@ -85,11 +85,11 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
         int keymasterHwEnforcedUserAuthenticators;
         try {
             if (keyCharacteristics.hwEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) {
-                teeBacked = true;
+                insideSecureHardware = true;
                 origin = KeyStoreKeyProperties.Origin.fromKeymaster(
                         keyCharacteristics.hwEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1));
             } else if (keyCharacteristics.swEnforced.containsTag(KeymasterDefs.KM_TAG_ORIGIN)) {
-                teeBacked = false;
+                insideSecureHardware = false;
                 origin = KeyStoreKeyProperties.Origin.fromKeymaster(
                         keyCharacteristics.swEnforced.getInt(KeymasterDefs.KM_TAG_ORIGIN, -1));
             } else {
@@ -150,12 +150,12 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                 !keyCharacteristics.getBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
         int userAuthenticationValidityDurationSeconds =
                 keyCharacteristics.getInt(KeymasterDefs.KM_TAG_AUTH_TIMEOUT, -1);
-        boolean userAuthenticationRequirementEnforcedInTee = (userAuthenticationRequired)
+        boolean userAuthenticationRequirementEnforcedBySecureHardware = (userAuthenticationRequired)
                 && (keymasterHwEnforcedUserAuthenticators != 0)
                 && (keymasterSwEnforcedUserAuthenticators == 0);
 
         return new KeyStoreKeySpec(entryAlias,
-                teeBacked,
+                insideSecureHardware,
                 origin,
                 keySize,
                 keyValidityStart,
@@ -168,7 +168,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi {
                 blockModes,
                 userAuthenticationRequired,
                 userAuthenticationValidityDurationSeconds,
-                userAuthenticationRequirementEnforcedInTee);
+                userAuthenticationRequirementEnforcedBySecureHardware);
     }
 
     @Override