diff options
27 files changed, 156 insertions, 104 deletions
diff --git a/core/java/android/app/ActivityThread.java b/core/java/android/app/ActivityThread.java index f506d59..5dcbe37 100644 --- a/core/java/android/app/ActivityThread.java +++ b/core/java/android/app/ActivityThread.java @@ -96,7 +96,7 @@ import android.view.Window; import android.view.WindowManager; import android.view.WindowManagerGlobal; import android.renderscript.RenderScriptCacheDir; -import android.security.AndroidKeyStoreProvider; +import android.security.keystore.AndroidKeyStoreProvider; import com.android.internal.app.IVoiceInteractor; import com.android.internal.content.ReferrerIntent; diff --git a/core/java/android/hardware/fingerprint/FingerprintManager.java b/core/java/android/hardware/fingerprint/FingerprintManager.java index cf96145..1a75e81 100644 --- a/core/java/android/hardware/fingerprint/FingerprintManager.java +++ b/core/java/android/hardware/fingerprint/FingerprintManager.java @@ -32,7 +32,7 @@ import android.os.RemoteException; import android.os.UserHandle; import android.provider.Settings; import android.hardware.fingerprint.FingerprintManager.EnrollmentCallback; -import android.security.AndroidKeyStoreProvider; +import android.security.keystore.AndroidKeyStoreProvider; import android.util.Log; import android.util.Slog; diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java index 6283e02..5d777b0 100644 --- a/keystore/java/android/security/Credentials.java +++ b/keystore/java/android/security/Credentials.java @@ -216,7 +216,7 @@ public class Credentials { * particular {@code alias}. All three can exist for any given alias. * Returns {@code true} if there was at least one of those types. */ - static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) { + public static boolean deleteAllTypesForAlias(KeyStore keystore, String alias) { /* * Make sure every type is deleted. There can be all three types, so * don't use a conditional here. @@ -231,7 +231,7 @@ public class Credentials { * particular {@code alias}. All three can exist for any given alias. * Returns {@code true} if there was at least one of those types. */ - static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) { + public static boolean deleteCertificateTypesForAlias(KeyStore keystore, String alias) { /* * Make sure every certificate type is deleted. There can be two types, * so don't use a conditional here. @@ -252,7 +252,7 @@ public class Credentials { * Delete secret key for a particular {@code alias}. * Returns {@code true} if an entry was was deleted. */ - static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) { + public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) { return keystore.delete(Credentials.USER_SECRET_KEY + alias); } } diff --git a/keystore/java/android/security/GateKeeper.java b/keystore/java/android/security/GateKeeper.java index 5617836..c1df28c 100644 --- a/keystore/java/android/security/GateKeeper.java +++ b/keystore/java/android/security/GateKeeper.java @@ -1,3 +1,19 @@ +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package android.security; import android.os.RemoteException; diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 72c74df..06f5b06 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -109,7 +109,7 @@ public class KeyStore { mContext = getApplicationContext(); } - static Context getApplicationContext() { + public static Context getApplicationContext() { ActivityThread activityThread = ActivityThread.currentActivityThread(); if (activityThread == null) { throw new IllegalStateException( @@ -136,7 +136,7 @@ public class KeyStore { return mToken; } - static int getKeyTypeForAlgorithm(@KeyProperties.KeyAlgorithmEnum String keyType) { + public static int getKeyTypeForAlgorithm(@KeyProperties.KeyAlgorithmEnum String keyType) { if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(keyType)) { return NativeConstants.EVP_PKEY_RSA; } else if (KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(keyType)) { @@ -632,7 +632,7 @@ public class KeyStore { * Returns a {@link KeyStoreException} corresponding to the provided keystore/keymaster error * code. */ - static KeyStoreException getKeyStoreException(int errorCode) { + public static KeyStoreException getKeyStoreException(int errorCode) { if (errorCode > 0) { // KeyStore layer error switch (errorCode) { @@ -674,7 +674,8 @@ public class KeyStore { * Returns an {@link InvalidKeyException} corresponding to the provided * {@link KeyStoreException}. */ - InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, KeyStoreException e) { + public InvalidKeyException getInvalidKeyException( + String keystoreKeyAlias, KeyStoreException e) { switch (e.getErrorCode()) { case LOCKED: return new UserNotAuthenticatedException(); @@ -745,7 +746,7 @@ public class KeyStore { * Returns an {@link InvalidKeyException} corresponding to the provided keystore/keymaster error * code. */ - InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int errorCode) { + public InvalidKeyException getInvalidKeyException(String keystoreKeyAlias, int errorCode) { return getInvalidKeyException(keystoreKeyAlias, getKeyStoreException(errorCode)); } } diff --git a/keystore/java/android/security/AndroidKeyPairGenerator.java b/keystore/java/android/security/keystore/AndroidKeyPairGeneratorSpi.java index e9f8320..8d3b421 100644 --- a/keystore/java/android/security/AndroidKeyPairGenerator.java +++ b/keystore/java/android/security/keystore/AndroidKeyPairGeneratorSpi.java @@ -14,11 +14,12 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import android.annotation.NonNull; -import android.security.keystore.KeyGenParameterSpec; -import android.security.keystore.KeyProperties; +import android.security.Credentials; +import android.security.KeyPairGeneratorSpec; +import android.security.KeyStore; import com.android.org.bouncycastle.x509.X509V3CertificateGenerator; import com.android.org.conscrypt.NativeConstants; @@ -55,15 +56,15 @@ import java.util.Locale; * * {@hide} */ -public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { +public abstract class AndroidKeyPairGeneratorSpi extends KeyPairGeneratorSpi { - public static class RSA extends AndroidKeyPairGenerator { + public static class RSA extends AndroidKeyPairGeneratorSpi { public RSA() { super(KeyProperties.KEY_ALGORITHM_RSA); } } - public static class EC extends AndroidKeyPairGenerator { + public static class EC extends AndroidKeyPairGeneratorSpi { public EC() { super(KeyProperties.KEY_ALGORITHM_EC); } @@ -92,7 +93,7 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { private int mKeyType; private int mKeySize; - protected AndroidKeyPairGenerator(@KeyProperties.KeyAlgorithmEnum String algorithm) { + protected AndroidKeyPairGeneratorSpi(@KeyProperties.KeyAlgorithmEnum String algorithm) { mAlgorithm = algorithm; } diff --git a/keystore/java/android/security/AndroidKeyStoreBCWorkaroundProvider.java b/keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java index 45329cf..3774e36 100644 --- a/keystore/java/android/security/AndroidKeyStoreBCWorkaroundProvider.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import java.security.Provider; @@ -40,9 +40,9 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider { // classes when this provider is instantiated and installed early on during each app's // initialization process. - private static final String PACKAGE_NAME = "android.security"; + private static final String PACKAGE_NAME = "android.security.keystore"; private static final String KEYSTORE_SECRET_KEY_CLASS_NAME = - PACKAGE_NAME + ".KeyStoreSecretKey"; + PACKAGE_NAME + ".AndroidKeyStoreSecretKey"; AndroidKeyStoreBCWorkaroundProvider() { super("AndroidKeyStoreBCWorkaround", @@ -50,25 +50,25 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider { "Android KeyStore security provider to work around Bouncy Castle"); // javax.crypto.Mac - putMacImpl("HmacSHA1", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA1"); - putMacImpl("HmacSHA224", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA224"); - putMacImpl("HmacSHA256", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA256"); - putMacImpl("HmacSHA384", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA384"); - putMacImpl("HmacSHA512", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA512"); + putMacImpl("HmacSHA1", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA1"); + putMacImpl("HmacSHA224", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA224"); + putMacImpl("HmacSHA256", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA256"); + putMacImpl("HmacSHA384", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA384"); + putMacImpl("HmacSHA512", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA512"); // javax.crypto.Cipher putSymmetricCipherImpl("AES/ECB/NoPadding", - PACKAGE_NAME + ".KeyStoreCipherSpi$AES$ECB$NoPadding"); + PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$NoPadding"); putSymmetricCipherImpl("AES/ECB/PKCS7Padding", - PACKAGE_NAME + ".KeyStoreCipherSpi$AES$ECB$PKCS7Padding"); + PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$PKCS7Padding"); putSymmetricCipherImpl("AES/CBC/NoPadding", - PACKAGE_NAME + ".KeyStoreCipherSpi$AES$CBC$NoPadding"); + PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$NoPadding"); putSymmetricCipherImpl("AES/CBC/PKCS7Padding", - PACKAGE_NAME + ".KeyStoreCipherSpi$AES$CBC$PKCS7Padding"); + PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$PKCS7Padding"); putSymmetricCipherImpl("AES/CTR/NoPadding", - PACKAGE_NAME + ".KeyStoreCipherSpi$AES$CTR$NoPadding"); + PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CTR$NoPadding"); } private void putMacImpl(String algorithm, String implClass) { diff --git a/keystore/java/android/security/KeyStoreCipherSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpi.java index b0f1695..27df5e7 100644 --- a/keystore/java/android/security/KeyStoreCipherSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreCipherSpi.java @@ -14,9 +14,11 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import android.os.IBinder; +import android.security.KeyStore; +import android.security.KeyStoreException; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; import android.security.keymaster.OperationResult; @@ -48,9 +50,10 @@ import javax.crypto.spec.IvParameterSpec; * * @hide */ -public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCryptoOperation { +public abstract class AndroidKeyStoreCipherSpi extends CipherSpi + implements KeyStoreCryptoOperation { - public abstract static class AES extends KeyStoreCipherSpi { + public abstract static class AES extends AndroidKeyStoreCipherSpi { protected AES(int keymasterBlockMode, int keymasterPadding, boolean ivUsed) { super(KeymasterDefs.KM_ALGORITHM_AES, keymasterBlockMode, @@ -120,7 +123,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry // Fields below are populated by Cipher.init and KeyStore.begin and should be preserved after // doFinal finishes. protected boolean mEncrypting; - private KeyStoreSecretKey mKey; + private AndroidKeyStoreSecretKey mKey; private SecureRandom mRng; private boolean mFirstOperationInitiated; private byte[] mIv; @@ -147,7 +150,7 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry */ private Exception mCachedException; - protected KeyStoreCipherSpi( + protected AndroidKeyStoreCipherSpi( int keymasterAlgorithm, int keymasterBlockMode, int keymasterPadding, @@ -219,11 +222,11 @@ public abstract class KeyStoreCipherSpi extends CipherSpi implements KeyStoreCry } private void init(int opmode, Key key, SecureRandom random) throws InvalidKeyException { - if (!(key instanceof KeyStoreSecretKey)) { + if (!(key instanceof AndroidKeyStoreSecretKey)) { throw new InvalidKeyException( "Unsupported key: " + ((key != null) ? key.getClass().getName() : "null")); } - mKey = (KeyStoreSecretKey) key; + mKey = (AndroidKeyStoreSecretKey) key; mRng = random; mIv = null; mFirstOperationInitiated = false; diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java index 5089a25..b82a7f5 100644 --- a/keystore/java/android/security/KeyStoreHmacSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreHmacSpi.java @@ -14,9 +14,11 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import android.os.IBinder; +import android.security.KeyStore; +import android.security.KeyStoreException; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; import android.security.keymaster.OperationResult; @@ -34,33 +36,33 @@ import javax.crypto.MacSpi; * * @hide */ -public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOperation { +public abstract class AndroidKeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOperation { - public static class HmacSHA1 extends KeyStoreHmacSpi { + public static class HmacSHA1 extends AndroidKeyStoreHmacSpi { public HmacSHA1() { super(KeymasterDefs.KM_DIGEST_SHA1); } } - public static class HmacSHA224 extends KeyStoreHmacSpi { + public static class HmacSHA224 extends AndroidKeyStoreHmacSpi { public HmacSHA224() { super(KeymasterDefs.KM_DIGEST_SHA_2_224); } } - public static class HmacSHA256 extends KeyStoreHmacSpi { + public static class HmacSHA256 extends AndroidKeyStoreHmacSpi { public HmacSHA256() { super(KeymasterDefs.KM_DIGEST_SHA_2_256); } } - public static class HmacSHA384 extends KeyStoreHmacSpi { + public static class HmacSHA384 extends AndroidKeyStoreHmacSpi { public HmacSHA384() { super(KeymasterDefs.KM_DIGEST_SHA_2_384); } } - public static class HmacSHA512 extends KeyStoreHmacSpi { + public static class HmacSHA512 extends AndroidKeyStoreHmacSpi { public HmacSHA512() { super(KeymasterDefs.KM_DIGEST_SHA_2_512); } @@ -71,14 +73,14 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp private final int mMacSizeBits; // Fields below are populated by engineInit and should be preserved after engineDoFinal. - private KeyStoreSecretKey mKey; + private AndroidKeyStoreSecretKey mKey; // Fields below are reset when engineDoFinal succeeds. private KeyStoreCryptoOperationChunkedStreamer mChunkedStreamer; private IBinder mOperationToken; private long mOperationHandle; - protected KeyStoreHmacSpi(int keymasterDigest) { + protected AndroidKeyStoreHmacSpi(int keymasterDigest) { mKeymasterDigest = keymasterDigest; mMacSizeBits = KeymasterUtils.getDigestOutputSizeBits(keymasterDigest); } @@ -109,11 +111,11 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp InvalidAlgorithmParameterException { if (key == null) { throw new InvalidKeyException("key == null"); - } else if (!(key instanceof KeyStoreSecretKey)) { + } else if (!(key instanceof AndroidKeyStoreSecretKey)) { throw new InvalidKeyException( "Only Android KeyStore secret keys supported. Key: " + key); } - mKey = (KeyStoreSecretKey) key; + mKey = (AndroidKeyStoreSecretKey) key; if (params != null) { throw new InvalidAlgorithmParameterException( diff --git a/keystore/java/android/security/KeyStoreKey.java b/keystore/java/android/security/keystore/AndroidKeyStoreKey.java index 7a34829..6098e5c 100644 --- a/keystore/java/android/security/KeyStoreKey.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKey.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import java.security.Key; @@ -23,11 +23,11 @@ import java.security.Key; * * @hide */ -public class KeyStoreKey implements Key { +public class AndroidKeyStoreKey implements Key { private final String mAlias; private final String mAlgorithm; - public KeyStoreKey(String alias, String algorithm) { + public AndroidKeyStoreKey(String alias, String algorithm) { mAlias = alias; mAlgorithm = algorithm; } diff --git a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java index feec00f..0821bf5 100644 --- a/keystore/java/android/security/KeyStoreKeyGeneratorSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java @@ -14,8 +14,10 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; +import android.security.Credentials; +import android.security.KeyStore; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; @@ -39,9 +41,9 @@ import javax.crypto.SecretKey; * * @hide */ -public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { +public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { - public static class AES extends KeyStoreKeyGeneratorSpi { + public static class AES extends AndroidKeyStoreKeyGeneratorSpi { public AES() { super(KeymasterDefs.KM_ALGORITHM_AES, 128); } @@ -58,7 +60,7 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { } } - protected static abstract class HmacBase extends KeyStoreKeyGeneratorSpi { + protected static abstract class HmacBase extends AndroidKeyStoreKeyGeneratorSpi { protected HmacBase(int keymasterDigest) { super(KeymasterDefs.KM_ALGORITHM_HMAC, keymasterDigest, @@ -110,13 +112,13 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { private int[] mKeymasterPaddings; private int[] mKeymasterDigests; - protected KeyStoreKeyGeneratorSpi( + protected AndroidKeyStoreKeyGeneratorSpi( int keymasterAlgorithm, int defaultKeySizeBits) { this(keymasterAlgorithm, -1, defaultKeySizeBits); } - protected KeyStoreKeyGeneratorSpi( + protected AndroidKeyStoreKeyGeneratorSpi( int keymasterAlgorithm, int keymasterDigest, int defaultKeySizeBits) { @@ -314,6 +316,6 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { } catch (IllegalArgumentException e) { throw new ProviderException("Failed to obtain JCA secret key algorithm name", e); } - return new KeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA); + return new AndroidKeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmJCA); } } diff --git a/keystore/java/android/security/AndroidKeyStoreProvider.java b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java index 257ab54..b20a122 100644 --- a/keystore/java/android/security/AndroidKeyStoreProvider.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java @@ -14,7 +14,9 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; + +import android.security.KeyStore; import java.security.Provider; import java.security.Security; @@ -38,25 +40,25 @@ public class AndroidKeyStoreProvider extends Provider { // Instead, they need to be offered by AndroidKeyStoreBCWorkaroundProvider. See its Javadoc // for details. - private static final String PACKAGE_NAME = "android.security"; + private static final String PACKAGE_NAME = "android.security.keystore"; public AndroidKeyStoreProvider() { super(PROVIDER_NAME, 1.0, "Android KeyStore security provider"); // java.security.KeyStore - put("KeyStore.AndroidKeyStore", PACKAGE_NAME + ".AndroidKeyStore"); + put("KeyStore.AndroidKeyStore", PACKAGE_NAME + ".AndroidKeyStoreSpi"); // java.security.KeyPairGenerator - put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyPairGenerator$EC"); - put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyPairGenerator$RSA"); + put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyPairGeneratorSpi$EC"); + put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyPairGeneratorSpi$RSA"); // javax.crypto.KeyGenerator - put("KeyGenerator.AES", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$AES"); - put("KeyGenerator.HmacSHA1", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA1"); - put("KeyGenerator.HmacSHA224", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA224"); - put("KeyGenerator.HmacSHA256", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA256"); - put("KeyGenerator.HmacSHA384", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA384"); - put("KeyGenerator.HmacSHA512", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA512"); + put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES"); + put("KeyGenerator.HmacSHA1", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$HmacSHA1"); + put("KeyGenerator.HmacSHA224", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$HmacSHA224"); + put("KeyGenerator.HmacSHA256", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$HmacSHA256"); + put("KeyGenerator.HmacSHA384", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$HmacSHA384"); + put("KeyGenerator.HmacSHA512", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$HmacSHA512"); // java.security.SecretKeyFactory putSecretKeyFactoryImpl("AES"); @@ -95,7 +97,7 @@ public class AndroidKeyStoreProvider extends Provider { } private void putSecretKeyFactoryImpl(String algorithm) { - put("SecretKeyFactory." + algorithm, PACKAGE_NAME + ".KeyStoreSecretKeyFactorySpi"); + put("SecretKeyFactory." + algorithm, PACKAGE_NAME + ".AndroidKeyStoreSecretKeyFactorySpi"); } /** diff --git a/keystore/java/android/security/KeyStoreSecretKey.java b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKey.java index ee25465..f75516b 100644 --- a/keystore/java/android/security/KeyStoreSecretKey.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKey.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import javax.crypto.SecretKey; @@ -23,9 +23,9 @@ import javax.crypto.SecretKey; * * @hide */ -public class KeyStoreSecretKey extends KeyStoreKey implements SecretKey { +public class AndroidKeyStoreSecretKey extends AndroidKeyStoreKey implements SecretKey { - public KeyStoreSecretKey(String alias, String algorithm) { + public AndroidKeyStoreSecretKey(String alias, String algorithm) { super(alias, algorithm); } } diff --git a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java index 618ba47..455f170 100644 --- a/keystore/java/android/security/KeyStoreSecretKeyFactorySpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java @@ -14,12 +14,12 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; +import android.security.Credentials; +import android.security.KeyStore; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterDefs; -import android.security.keystore.KeyInfo; -import android.security.keystore.KeyProperties; import libcore.util.EmptyArray; @@ -39,7 +39,7 @@ import javax.crypto.spec.SecretKeySpec; * * @hide */ -public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { +public class AndroidKeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { private final KeyStore mKeyStore = KeyStore.getInstance(); @@ -49,7 +49,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { if (keySpecClass == null) { throw new InvalidKeySpecException("keySpecClass == null"); } - if (!(key instanceof KeyStoreSecretKey)) { + if (!(key instanceof AndroidKeyStoreSecretKey)) { throw new InvalidKeySpecException("Only Android KeyStore secret keys supported: " + ((key != null) ? key.getClass().getName() : "null")); } @@ -60,7 +60,7 @@ public class KeyStoreSecretKeyFactorySpi extends SecretKeyFactorySpi { if (!KeyInfo.class.equals(keySpecClass)) { throw new InvalidKeySpecException("Unsupported key spec: " + keySpecClass.getName()); } - String keyAliasInKeystore = ((KeyStoreSecretKey) key).getAlias(); + String keyAliasInKeystore = ((AndroidKeyStoreSecretKey) key).getAlias(); String entryAlias; if (keyAliasInKeystore.startsWith(Credentials.USER_SECRET_KEY)) { entryAlias = keyAliasInKeystore.substring(Credentials.USER_SECRET_KEY.length()); diff --git a/keystore/java/android/security/AndroidKeyStore.java b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java index 69bf877..d6145a3 100644 --- a/keystore/java/android/security/AndroidKeyStore.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java @@ -14,13 +14,15 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import com.android.org.conscrypt.OpenSSLEngine; import com.android.org.conscrypt.OpenSSLKeyHolder; import libcore.util.EmptyArray; +import android.security.Credentials; +import android.security.KeyStoreParameter; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; @@ -81,7 +83,7 @@ import javax.crypto.SecretKey; * * @hide */ -public class AndroidKeyStore extends KeyStoreSpi { +public class AndroidKeyStoreSpi extends KeyStoreSpi { public static final String NAME = "AndroidKeyStore"; private android.security.KeyStore mKeyStore; @@ -140,7 +142,7 @@ public class AndroidKeyStore extends KeyStoreSpi { new UnrecoverableKeyException("Unsupported secret key type").initCause(e); } - return new KeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmString); + return new AndroidKeyStoreSecretKey(keyAliasInKeystore, keyAlgorithmString); } return null; @@ -476,10 +478,10 @@ public class AndroidKeyStore extends KeyStoreSpi { } KeyProtection params = (KeyProtection) param; - if (key instanceof KeyStoreSecretKey) { + if (key instanceof AndroidKeyStoreSecretKey) { // KeyStore-backed secret key. It cannot be duplicated into another entry and cannot // overwrite its own entry. - String keyAliasInKeystore = ((KeyStoreSecretKey) key).getAlias(); + String keyAliasInKeystore = ((AndroidKeyStoreSecretKey) key).getAlias(); if (keyAliasInKeystore == null) { throw new KeyStoreException("KeyStore-backed secret key does not have an alias"); } diff --git a/keystore/java/android/security/ArrayUtils.java b/keystore/java/android/security/keystore/ArrayUtils.java index 71b99d0..81be384 100644 --- a/keystore/java/android/security/ArrayUtils.java +++ b/keystore/java/android/security/keystore/ArrayUtils.java @@ -1,4 +1,20 @@ -package android.security; +/* + * Copyright (C) 2015 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.keystore; import libcore.util.EmptyArray; diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index fa3b1cb..f598482 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -21,7 +21,6 @@ import android.annotation.IntRange; import android.annotation.NonNull; import android.annotation.Nullable; import android.text.TextUtils; -import android.security.ArrayUtils; import android.security.KeyStore; import java.math.BigInteger; diff --git a/keystore/java/android/security/keystore/KeyInfo.java b/keystore/java/android/security/keystore/KeyInfo.java index aec2512..e4f921e 100644 --- a/keystore/java/android/security/keystore/KeyInfo.java +++ b/keystore/java/android/security/keystore/KeyInfo.java @@ -18,7 +18,6 @@ package android.security.keystore; import android.annotation.NonNull; import android.annotation.Nullable; -import android.security.ArrayUtils; import java.security.PrivateKey; import java.security.spec.KeySpec; diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index 113159d..48fdd98 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -20,8 +20,6 @@ import android.annotation.IntRange; import android.annotation.NonNull; import android.annotation.Nullable; import android.app.KeyguardManager; -import android.content.Context; -import android.security.ArrayUtils; import android.security.KeyStore; import java.security.Key; diff --git a/keystore/java/android/security/KeyStoreConnectException.java b/keystore/java/android/security/keystore/KeyStoreConnectException.java index 885f1f7..e008976 100644 --- a/keystore/java/android/security/KeyStoreConnectException.java +++ b/keystore/java/android/security/keystore/KeyStoreConnectException.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import java.security.ProviderException; diff --git a/keystore/java/android/security/KeyStoreCryptoOperation.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java index c5cf211..2c709ae 100644 --- a/keystore/java/android/security/KeyStoreCryptoOperation.java +++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperation.java @@ -14,7 +14,9 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; + +import android.security.KeyStore; /** * Cryptographic operation backed by {@link KeyStore}. diff --git a/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java index 0619199..7d57e5f 100644 --- a/keystore/java/android/security/KeyStoreCryptoOperationChunkedStreamer.java +++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java @@ -14,9 +14,11 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import android.os.IBinder; +import android.security.KeyStore; +import android.security.KeyStoreException; import android.security.keymaster.OperationResult; import libcore.util.EmptyArray; diff --git a/keystore/java/android/security/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore/KeyStoreCryptoOperationUtils.java index c9bdd41..6ae76f1 100644 --- a/keystore/java/android/security/KeyStoreCryptoOperationUtils.java +++ b/keystore/java/android/security/keystore/KeyStoreCryptoOperationUtils.java @@ -14,10 +14,10 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; +import android.security.KeyStore; import android.security.keymaster.KeymasterDefs; -import android.security.keystore.UserNotAuthenticatedException; import java.security.GeneralSecurityException; import java.security.InvalidAlgorithmParameterException; @@ -41,7 +41,7 @@ abstract class KeyStoreCryptoOperationUtils { * the {@code init} method should succeed. */ static InvalidKeyException getInvalidKeyExceptionForInit( - KeyStore keyStore, KeyStoreKey key, int beginOpResultCode) { + KeyStore keyStore, AndroidKeyStoreKey key, int beginOpResultCode) { if (beginOpResultCode == KeyStore.NO_ERROR) { return null; } @@ -69,8 +69,8 @@ abstract class KeyStoreCryptoOperationUtils { * in response to {@code KeyStore.begin} operation or {@code null} if the {@code init} method * should succeed. */ - static GeneralSecurityException getExceptionForCipherInit( - KeyStore keyStore, KeyStoreKey key, int beginOpResultCode) { + public static GeneralSecurityException getExceptionForCipherInit( + KeyStore keyStore, AndroidKeyStoreKey key, int beginOpResultCode) { if (beginOpResultCode == KeyStore.NO_ERROR) { return null; } diff --git a/keystore/java/android/security/KeymasterUtils.java b/keystore/java/android/security/keystore/KeymasterUtils.java index 0f8f190..e7529e1 100644 --- a/keystore/java/android/security/KeymasterUtils.java +++ b/keystore/java/android/security/keystore/KeymasterUtils.java @@ -14,9 +14,11 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import android.hardware.fingerprint.FingerprintManager; +import android.security.GateKeeper; +import android.security.KeyStore; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; diff --git a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java index 9c2f358..cad4e54 100644 --- a/keystore/tests/src/android/security/AndroidKeyPairGeneratorTest.java +++ b/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java @@ -14,8 +14,10 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; +import android.security.Credentials; +import android.security.KeyPairGeneratorSpec; import android.test.AndroidTestCase; import java.io.ByteArrayInputStream; diff --git a/keystore/tests/src/android/security/AndroidKeyStoreTest.java b/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java index 4b2b9b5..2d4e4a0 100644 --- a/keystore/tests/src/android/security/AndroidKeyStoreTest.java +++ b/keystore/tests/src/android/security/keystore/AndroidKeyStoreTest.java @@ -14,13 +14,16 @@ * limitations under the License. */ -package android.security; +package android.security.keystore; import com.android.org.bouncycastle.x509.X509V3CertificateGenerator; import com.android.org.conscrypt.NativeConstants; import com.android.org.conscrypt.OpenSSLEngine; +import android.security.Credentials; +import android.security.KeyStore; +import android.security.KeyStoreParameter; import android.test.AndroidTestCase; import java.io.ByteArrayInputStream; @@ -1319,9 +1322,9 @@ public class AndroidKeyStoreTest extends AndroidTestCase { } public void testKeyStore_GetType_Encrypted_Success() throws Exception { - assertEquals(AndroidKeyStore.NAME, mKeyStore.getType()); + assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType()); setupPassword(); - assertEquals(AndroidKeyStore.NAME, mKeyStore.getType()); + assertEquals(AndroidKeyStoreSpi.NAME, mKeyStore.getType()); } public void testKeyStore_IsCertificateEntry_CA_Encrypted_Success() throws Exception { diff --git a/preloaded-classes b/preloaded-classes index d2ed762..41a8857 100644 --- a/preloaded-classes +++ b/preloaded-classes @@ -1152,8 +1152,8 @@ android.provider.Settings$SettingNotFoundException android.provider.Settings$System android.provider.Telephony$Mms android.renderscript.RenderScript -android.security.AndroidKeyStoreBCWorkaroundProvider -android.security.AndroidKeyStoreProvider +android.security.keystore.AndroidKeyStoreBCWorkaroundProvider +android.security.keystore.AndroidKeyStoreProvider android.speech.tts.TextToSpeechService android.speech.tts.TextToSpeechService$SpeechItemV1 android.speech.tts.TextToSpeechService$SynthesisSpeechItemV1 |