author | Janis Danisevskis <jdanis@google.com> | 2017-04-19 09:17:17 -0700 |
committer | Janis Danisevskis <jdanis@google.com> | 2017-12-15 00:14:40 +0000 |
commit | 64338c0e4d0ec64c55abc34c0559d94ee352723c (patch) | |
tree | ca55c1153ac4e02df80af05dcf7fc2581f193e88 /keystore/java/android/security/Credentials.java | |
parent | bb91f5fe94188de451726dd83cdaffd5944f5108 (diff) |
Consolidate Keystore alias prefixes.
Currently, the keystore SPI assigns different prefixes to user key
entries depending on the algorithm. Symmetric keys (secret keys) get
the prefix USERSKEY_ and asymmetric keys (private keys) get the
prefix USERPKEY_. This distinction is superfluous, as the information
can always be retrieved from the key characteristics. Moving forward,
it is also desirable to be able to import keys whose nature is not
known a priori; in such cases the prefix cannot be chosen meaningfully.
This patch deprecates one of the prefixes (i.e. USERSKEY_) and uses
the other for both types of keys. Legacy keys with the old prefix
can still be used, but all new keys will have the prefix USERPKEY_.
Bug: 63931634
Test: CTS test and Manual upgrade test with KeyStoreTool app
Also performed upgrade test with device PIN set
Change-Id: I5b4bb0b0d2b82c276659d55b862150326bb68d5d
Diffstat (limited to 'keystore/java/android/security/Credentials.java')
-rw-r--r-- | keystore/java/android/security/Credentials.java | 34 |
1 files changed, 14 insertions, 20 deletions
diff --git a/keystore/java/android/security/Credentials.java b/keystore/java/android/security/Credentials.java
index 6830a7487dbc..57db20be1145 100644
--- a/keystore/java/android/security/Credentials.java
+++ b/keystore/java/android/security/Credentials.java
@@ -60,10 +60,12 @@ public class Credentials {
 /** Key prefix for user certificates. */
 public static final String USER_CERTIFICATE = "USRCERT_";
- /** Key prefix for user private keys. */
+ /** Key prefix for user private and secret keys. */
 public static final String USER_PRIVATE_KEY = "USRPKEY_";
- /** Key prefix for user secret keys. */
+ /** Key prefix for user secret keys.
+ * @deprecated use {@code USER_PRIVATE_KEY} for this category instead.
+ */
 public static final String USER_SECRET_KEY = "USRSKEY_";
 /** Key prefix for VPN. */
@@ -235,8 +237,7 @@ public class Credentials {
 * Make sure every type is deleted. There can be all three types, so
 * don't use a conditional here.
 */
- return deletePrivateKeyTypeForAlias(keystore, alias, uid)
- & deleteSecretKeyTypeForAlias(keystore, alias, uid)
+ return deleteUserKeyTypeForAlias(keystore, alias, uid)
 & deleteCertificateTypesForAlias(keystore, alias, uid);
 }
@@ -264,34 +265,27 @@ public class Credentials {
 }
 /**
- * Delete private key for a particular {@code alias}.
- * Returns {@code true} if the entry no longer exists.
- */
- static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias) {
- return deletePrivateKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
- }
-
- /**
- * Delete private key for a particular {@code alias}.
+ * Delete user key for a particular {@code alias}.
 * Returns {@code true} if the entry no longer exists.
 */
- static boolean deletePrivateKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
- return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid);
+ public static boolean deleteUserKeyTypeForAlias(KeyStore keystore, String alias) {
+ return deleteUserKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
 }
 /**
- * Delete secret key for a particular {@code alias}.
+ * Delete user key for a particular {@code alias}.
 * Returns {@code true} if the entry no longer exists.
 */
- public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias) {
- return deleteSecretKeyTypeForAlias(keystore, alias, KeyStore.UID_SELF);
+ public static boolean deleteUserKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
+ return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid) ||
+ keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
 }
 /**
- * Delete secret key for a particular {@code alias}.
+ * Delete legacy prefixed entry for a particular {@code alias}
 * Returns {@code true} if the entry no longer exists.
 */
- public static boolean deleteSecretKeyTypeForAlias(KeyStore keystore, String alias, int uid) {
+ public static boolean deleteLegacyKeyForAlias(KeyStore keystore, String alias, int uid) {
 return keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);
 }
 } |
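Review bot: `USER_SECRET_KEY` receives a Javadoc `@deprecated` tag in the -60 hunk but no `@Deprecated` annotation, so javac will not warn any caller that still builds aliases with the `USRSKEY_` prefix, and new entries written under the legacy prefix could go unnoticed. Add `@Deprecated` directly above `public static final String USER_SECRET_KEY = "USRSKEY_";`; the two remaining intentional uses in the -264 hunk (`deleteUserKeyTypeForAlias` and `deleteLegacyKeyForAlias`) would then need `@SuppressWarnings("deprecation")` on the method or an accepted warning. The enclosing class continues outside the hunk.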
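Review bot: `deleteUserKeyTypeForAlias(KeyStore, String, int)` joins the two deletes with the short-circuit `||`, so once the `USRPKEY_` delete reports success the `USRSKEY_` delete is never issued, and an alias that has both a legacy and a current entry keeps its legacy key material while the caller is told the entry is gone. If `KeyStore.delete` also reports success for an absent entry (its implementation is not visible here), the legacy entry would effectively never be removed through this path. The -235 hunk's own comment says "don't use a conditional here" and already relies on the non-short-circuit form across all entry types, so follow the same pattern: `return keystore.delete(Credentials.USER_PRIVATE_KEY + alias, uid) & keystore.delete(Credentials.USER_SECRET_KEY + alias, uid);`. Separately, `deleteLegacyKeyForAlias` then duplicates the second operand, and its Javadoc summary is missing the period after `{@code alias}`.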