diff options
author | Alex Klyubin <klyubin@google.com> | 2015-06-23 12:06:27 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-06-23 12:06:27 -0700 |
commit | d6c7799b9a8b00d160a1d2d32c7326132cbc7b7b (patch) | |
tree | 69af6ee4fd661f6386eb7f30ed4d93b79e008187 /keystore | |
parent | 6d2268a57603e1c60329b93fb853ac2c134cb932 (diff) | |
download | frameworks_base-d6c7799b9a8b00d160a1d2d32c7326132cbc7b7b.zip frameworks_base-d6c7799b9a8b00d160a1d2d32c7326132cbc7b7b.tar.gz frameworks_base-d6c7799b9a8b00d160a1d2d32c7326132cbc7b7b.tar.bz2 |
Keymaster key validity dates are optional.
This CL makes Android Keystore framework code add
KM_TAG_ACTIVE_DATETIME, KM_TAG_ORIGINATION_EXPIRE_DATETIME, and
KM_TAG_USAGE_EXPIRE_DATETIME tags to the authorizations set only
if the corresponding time instants were specified through the
framework-level API. This is fine because these tags are optional as
it turns out.
Bug: 18088752
Change-Id: I6a5ae4cadb441e61576231815e6bec6e9248bc72
Diffstat (limited to 'keystore')
4 files changed, 21 insertions, 50 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java index 688936c..66509e2 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java @@ -31,7 +31,6 @@ import java.security.ProviderException; import java.security.SecureRandom; import java.security.spec.AlgorithmParameterSpec; import java.util.Arrays; -import java.util.Date; import javax.crypto.KeyGeneratorSpi; import javax.crypto.SecretKey; @@ -278,15 +277,11 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { KeymasterUtils.addUserAuthArgs(args, spec.isUserAuthenticationRequired(), spec.getUserAuthenticationValidityDurationSeconds()); - args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, - (spec.getKeyValidityStart() != null) - ? spec.getKeyValidityStart() : new Date(0)); - args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, - (spec.getKeyValidityForOriginationEnd() != null) - ? spec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE)); - args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, - (spec.getKeyValidityForConsumptionEnd() != null) - ? spec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE)); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, spec.getKeyValidityStart()); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, + spec.getKeyValidityForOriginationEnd()); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, + spec.getKeyValidityForConsumptionEnd()); if (((spec.getPurposes() & KeyProperties.PURPOSE_ENCRYPT) != 0) && (!spec.isRandomizedEncryptionRequired())) { diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java index f7ff07f..532b330 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java @@ -415,15 +415,11 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato KeymasterUtils.addUserAuthArgs(args, mSpec.isUserAuthenticationRequired(), mSpec.getUserAuthenticationValidityDurationSeconds()); - args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, - (mSpec.getKeyValidityStart() != null) - ? mSpec.getKeyValidityStart() : new Date(0)); - args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, - (mSpec.getKeyValidityForOriginationEnd() != null) - ? mSpec.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE)); - args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, - (mSpec.getKeyValidityForConsumptionEnd() != null) - ? mSpec.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE)); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, mSpec.getKeyValidityStart()); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, + mSpec.getKeyValidityForOriginationEnd()); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, + mSpec.getKeyValidityForConsumptionEnd()); addAlgorithmSpecificParameters(args); byte[] additionalEntropy = diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java index 8b00821..7887923 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java @@ -147,21 +147,10 @@ public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { } Date keyValidityStart = keyCharacteristics.getDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME); - if ((keyValidityStart != null) && (keyValidityStart.getTime() <= 0)) { - keyValidityStart = null; - } Date keyValidityForOriginationEnd = keyCharacteristics.getDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME); - if ((keyValidityForOriginationEnd != null) - && (keyValidityForOriginationEnd.getTime() == Long.MAX_VALUE)) { - keyValidityForOriginationEnd = null; - } Date keyValidityForConsumptionEnd = keyCharacteristics.getDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME); - if ((keyValidityForConsumptionEnd != null) - && (keyValidityForConsumptionEnd.getTime() == Long.MAX_VALUE)) { - keyValidityForConsumptionEnd = null; - } boolean userAuthenticationRequired = !keyCharacteristics.getBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED); int userAuthenticationValidityDurationSeconds = diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java index 5fb589e..084e30e 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java @@ -435,17 +435,12 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { KeymasterUtils.addUserAuthArgs(importArgs, spec.isUserAuthenticationRequired(), spec.getUserAuthenticationValidityDurationSeconds()); - importArgs.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, - (spec.getKeyValidityStart() != null) - ? spec.getKeyValidityStart() : new Date(0)); - importArgs.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, - (spec.getKeyValidityForOriginationEnd() != null) - ? spec.getKeyValidityForOriginationEnd() - : new Date(Long.MAX_VALUE)); - importArgs.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, - (spec.getKeyValidityForConsumptionEnd() != null) - ? spec.getKeyValidityForConsumptionEnd() - : new Date(Long.MAX_VALUE)); + importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, + spec.getKeyValidityStart()); + importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, + spec.getKeyValidityForOriginationEnd()); + importArgs.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, + spec.getKeyValidityForConsumptionEnd()); } catch (IllegalArgumentException e) { throw new KeyStoreException("Invalid parameter", e); } @@ -646,15 +641,11 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { KeymasterUtils.addUserAuthArgs(args, params.isUserAuthenticationRequired(), params.getUserAuthenticationValidityDurationSeconds()); - args.addDate(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, - (params.getKeyValidityStart() != null) - ? params.getKeyValidityStart() : new Date(0)); - args.addDate(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, - (params.getKeyValidityForOriginationEnd() != null) - ? params.getKeyValidityForOriginationEnd() : new Date(Long.MAX_VALUE)); - args.addDate(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, - (params.getKeyValidityForConsumptionEnd() != null) - ? params.getKeyValidityForConsumptionEnd() : new Date(Long.MAX_VALUE)); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_ACTIVE_DATETIME, params.getKeyValidityStart()); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_ORIGINATION_EXPIRE_DATETIME, + params.getKeyValidityForOriginationEnd()); + args.addDateIfNotNull(KeymasterDefs.KM_TAG_USAGE_EXPIRE_DATETIME, + params.getKeyValidityForConsumptionEnd()); if (((purposes & KeyProperties.PURPOSE_ENCRYPT) != 0) && (!params.isRandomizedEncryptionRequired())) { |