Require IND-CPA by default for new AndroidKeyStore keys.

Bug: 18088752
Change-Id: I01e44b7155df4326b5c9d83dda57f889c1f23ec7

1 files changed, 26 insertions, 0 deletions

diff --git a/keystore/java/android/security/KeyStoreKeyConstraints.java b/keystore/java/android/security/KeyStoreKeyConstraints.java
index 202e38d6e8a5..ca93cfbaa76b 100644
--- a/keystore/java/android/security/KeyStoreKeyConstraints.java
+++ b/keystore/java/android/security/KeyStoreKeyConstraints.java
@@ -493,6 +493,14 @@ public abstract class KeyStoreKeyConstraints {
         public static final int GCM = 1 << 3;
 
         /**
+         * Set of block modes compatible with IND-CPA if used correctly.
+         *
+         * @hide
+         */
+        public static final @BlockModeEnum int IND_CPA_COMPATIBLE_MODES =
+                CBC | CTR | GCM;
+
+        /**
          * @hide
          */
         public static int toKeymaster(@BlockModeEnum int mode) {
@@ -571,6 +579,24 @@ public abstract class KeyStoreKeyConstraints {
         /**
          * @hide
          */
+        public static String allToString(@BlockModeEnum int modes) {
+            StringBuilder result = new StringBuilder("[");
+            boolean firstValue = true;
+            for (@BlockModeEnum int mode : getSetFlags(modes)) {
+                if (firstValue) {
+                    firstValue = false;
+                } else {
+                    result.append(", ");
+                }
+                result.append(toString(mode));
+            }
+            result.append(']');
+            return result.toString();
+        }
+
+        /**
+         * @hide
+         */
         public static @BlockModeEnum int fromJCAMode(String mode) {
             String modeLower = mode.toLowerCase(Locale.US);
             if ("ecb".equals(modeLower)) {