diff options
author | Justin Klaassen <justinklaassen@google.com> | 2018-04-15 00:41:15 -0400 |
---|---|---|
committer | Justin Klaassen <justinklaassen@google.com> | 2018-04-15 00:41:15 -0400 |
commit | b8042fc9b036db0a6692ca853428fc6ab1e60892 (patch) | |
tree | 82669ea5d75238758e22d379a42baeada526219e /android/security/keystore/KeyGenParameterSpec.java | |
parent | 4d01eeaffaa720e4458a118baa137a11614f00f7 (diff) | |
download | android-28-b8042fc9b036db0a6692ca853428fc6ab1e60892.tar.gz |
Import Android SDK Platform P [4719250]HEADmastermainandroidx-work-releaseandroidx-webkit-releaseandroidx-viewpager2-releaseandroidx-versionedparcelable-releaseandroidx-vectordrawable-releaseandroidx-transition-releaseandroidx-sqlite-releaseandroidx-sharetarget-releaseandroidx-security-security-crypto-releaseandroidx-savedstate-releaseandroidx-room-releaseandroidx-recyclerview-releaseandroidx-recyclerview-recyclerview-selection-releaseandroidx-preference-releaseandroidx-paging-releaseandroidx-paging-legacy-releaseandroidx-navigation-releaseandroidx-mediarouter-releaseandroidx-media2-releaseandroidx-media2-media2-widget-releaseandroidx-media-releaseandroidx-master-releaseandroidx-localbroadcastmanager-releaseandroidx-loader-releaseandroidx-lifecycle-releaseandroidx-jetifier-releaseandroidx-g3-releaseandroidx-fragment-releaseandroidx-exifinterface-releaseandroidx-enterprise-releaseandroidx-core-releaseandroidx-core-core-role-releaseandroidx-coordinatorlayout-releaseandroidx-concurrent-releaseandroidx-compose-releaseandroidx-collection-releaseandroidx-camerax-releaseandroidx-browser-releaseandroidx-biometric-releaseandroidx-benchmark-releaseandroidx-autofill-releaseandroidx-arch-core-releaseandroidx-appcompat-releaseandroidx-annotation-releaseandroidx-annotation-annotation-experimental-releaseandroidx-activity-releaseandroid-arch-work-releaseandroid-arch-navigation-release
/google/data/ro/projects/android/fetch_artifact \
--bid 4719250 \
--target sdk_phone_armv7-win_sdk \
sdk-repo-linux-sources-4719250.zip
AndroidVersion.ApiLevel has been modified to appear as 28
Change-Id: I9ec0a12c9251b8449dba0d86b0cfdbcca16b0a7c
Diffstat (limited to 'android/security/keystore/KeyGenParameterSpec.java')
-rw-r--r-- | android/security/keystore/KeyGenParameterSpec.java | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/android/security/keystore/KeyGenParameterSpec.java b/android/security/keystore/KeyGenParameterSpec.java index c0d0fb00..b2e0f675 100644 --- a/android/security/keystore/KeyGenParameterSpec.java +++ b/android/security/keystore/KeyGenParameterSpec.java @@ -19,6 +19,7 @@ package android.security.keystore; import android.annotation.IntRange; import android.annotation.NonNull; import android.annotation.Nullable; +import android.annotation.TestApi; import android.app.KeyguardManager; import android.hardware.fingerprint.FingerprintManager; import android.security.GateKeeper; @@ -594,6 +595,14 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu /** * Returns {@code true} if the key is authorized to be used only if a test of user presence has * been performed between the {@code Signature.initSign()} and {@code Signature.sign()} calls. + * It requires that the KeyStore implementation have a direct way to validate the user presence + * for example a KeyStore hardware backed strongbox can use a button press that is observable + * in hardware. A test for user presence is tangential to authentication. The test can be part + * of an authentication step as long as this step can be validated by the hardware protecting + * the key and cannot be spoofed. For example, a physical button press can be used as a test of + * user presence if the other pins connected to the button are not able to simulate a button + * press. There must be no way for the primary processor to fake a button press, or that + * button must not be used as a test of user presence. */ public boolean isUserPresenceRequired() { return mUserPresenceRequired; @@ -673,8 +682,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu } /** - * Returns {@code true} if the screen must be unlocked for this key to be used for encryption or - * signing. Decryption and signature verification will still be available when the screen is + * Returns {@code true} if the screen must be unlocked for this key to be used for decryption or + * signing. Encryption and signature verification will still be available when the screen is * locked. * * @see Builder#setUnlockedDeviceRequired(boolean) @@ -1180,6 +1189,14 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu /** * Sets whether a test of user presence is required to be performed between the * {@code Signature.initSign()} and {@code Signature.sign()} method calls. + * It requires that the KeyStore implementation have a direct way to validate the user + * presence for example a KeyStore hardware backed strongbox can use a button press that + * is observable in hardware. A test for user presence is tangential to authentication. The + * test can be part of an authentication step as long as this step can be validated by the + * hardware protecting the key and cannot be spoofed. For example, a physical button press + * can be used as a test of user presence if the other pins connected to the button are not + * able to simulate a button press.There must be no way for the primary processor to fake a + * button press, or that button must not be used as a test of user presence. */ @NonNull public Builder setUserPresenceRequired(boolean required) { @@ -1227,6 +1244,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec, UserAu * * Sets whether to include a temporary unique ID field in the attestation certificate. */ + @TestApi @NonNull public Builder setUniqueIdIncluded(boolean uniqueIdIncluded) { mUniqueIdIncluded = uniqueIdIncluded; |