authorHaamed Gheibi <haamed@google.com>2022-03-09 12:05:14 -0800
committerWeijie Wang <quic_weijiew@quicinc.com>2022-03-15 15:38:25 +0800
commit12bb6d3cbf05cea529a165917c7430af607056f2 (patch)
treeff322630f9716306236ca70ecae1f265ae2aa2c6 /keystore/java/android
parenta42412b7fc93a0eb852d8bf1a4d001f7df7f43b3 (diff)
Merge SP2A.220305.013
Bug: 220074017 Change-Id: Idfdd94e902f656ac65a2a75dfdd199f6f85ba472
Diffstat (limited to 'keystore/java/android')
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreKey.java18
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java18
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java5
-rw-r--r--keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java2
4 files changed, 25 insertions, 18 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java
index 5619585d9c3c..16f732f63bf7 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKey.java
@@ -22,6 +22,8 @@ import android.system.keystore2.Authorization;
import android.system.keystore2.Domain;
import android.system.keystore2.KeyDescriptor;
+import com.android.internal.annotations.VisibleForTesting;
+
import java.security.Key;
/**
@@ -46,7 +48,11 @@ public class AndroidKeyStoreKey implements Key {
// We do not include this member in comparisons.
private final KeyStoreSecurityLevel mSecurityLevel;
- AndroidKeyStoreKey(@NonNull KeyDescriptor descriptor,
+ /**
+ * @hide
+ */
+ @VisibleForTesting
+ public AndroidKeyStoreKey(@NonNull KeyDescriptor descriptor,
long keyId,
@NonNull Authorization[] authorizations,
@NonNull String algorithm,
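Review bot: The Javadoc added to the now-public constructor contains only `@hide`, and the annotation is a bare `@VisibleForTesting`, so nothing records that this constructor was package-private before the change. Because an instance wraps a key descriptor and key id, I would state the intended production visibility explicitly with `@VisibleForTesting(visibility = VisibleForTesting.Visibility.PACKAGE)`. I would also add a summary sentence to the Javadoc, for example `Public only so that tests outside this package can construct instances; production code must obtain keys through the keystore provider.`, if that is indeed the reason for the change. The remaining parameters and the constructor body are outside the hunk.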
@@ -102,11 +108,9 @@ public class AndroidKeyStoreKey implements Key {
final int prime = 31;
int result = 1;
- result = prime * result + ((mDescriptor == null) ? 0 : mDescriptor.hashCode());
+ result = prime * result + getClass().hashCode();
result = prime * result + (int) (mKeyId >>> 32);
result = prime * result + (int) (mKeyId & 0xffffffff);
- result = prime * result + ((mAuthorizations == null) ? 0 : mAuthorizations.hashCode());
- result = prime * result + ((mAlgorithm == null) ? 0 : mAlgorithm.hashCode());
return result;
}
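Review bot: The rewritten hashCode() has no comment saying why only the runtime class and mKeyId are hashed, yet that is the invariant keeping it consistent with equals(). I would add `// Hash only what equals() compares: the runtime class and mKeyId.` above the computation so that nobody re-adds the removed fields; mAuthorizations is an array, whose hashCode() is identity-based, so including it makes equal keys hash differently. Separately, the mask in the unchanged line `(int) (mKeyId & 0xffffffff)` is an int literal (that is, -1) and yields the low word only because of the cast; `Long.hashCode(mKeyId)` would replace both mKeyId lines, at the cost of different hash values. The method signature is outside the hunk.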
@@ -122,10 +126,6 @@ public class AndroidKeyStoreKey implements Key {
return false;
}
AndroidKeyStoreKey other = (AndroidKeyStoreKey) obj;
- if (mKeyId != other.mKeyId) {
- return false;
- }
-
- return true;
+ return mKeyId == other.mKeyId;
}
}
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
index db3e567cb6b4..0b3be327b521 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStorePublicKey.java
@@ -23,6 +23,7 @@ import android.system.keystore2.KeyDescriptor;
import android.system.keystore2.KeyMetadata;
import java.security.PublicKey;
+import java.util.Arrays;
/**
* {@link PublicKey} backed by Android Keystore.
@@ -61,8 +62,8 @@ public abstract class AndroidKeyStorePublicKey extends AndroidKeyStoreKey implem
int result = 1;
result = prime * result + super.hashCode();
- result = prime * result + ((mCertificate == null) ? 0 : mCertificate.hashCode());
- result = prime * result + ((mCertificateChain == null) ? 0 : mCertificateChain.hashCode());
+ result = prime * result + Arrays.hashCode(mCertificate);
+ result = prime * result + Arrays.hashCode(mCertificateChain);
return result;
}
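Review bot: `Arrays.hashCode(mCertificateChain)` here, and `Arrays.equals(mCertificateChain, other.mCertificateChain)` in the equals() hunk that follows, look at only one level of the array, and the field declarations are not visible in this diff. If mCertificateChain is a flat `byte[]` this is correct. If it is an array of arrays, the elements would be compared by identity and two keys with identical chains would compare unequal, in which case `Arrays.deepHashCode` and `Arrays.deepEquals` are needed. A one-line comment naming the field types next to these calls would settle the question for the next reader.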
@@ -75,9 +76,14 @@ public abstract class AndroidKeyStorePublicKey extends AndroidKeyStoreKey implem
if (!super.equals(obj)) {
return false;
}
- if (getClass() != obj.getClass()) {
- return false;
- }
- return true;
+
+ /*
+ * getClass().equals(ojb.getClass()) is implied by the call to super.equals() above. This
+ * means we can cast obj to AndroidKeyStorePublicKey here.
+ */
+ final AndroidKeyStorePublicKey other = (AndroidKeyStorePublicKey) obj;
+
+ return Arrays.equals(mCertificate, other.mCertificate) && Arrays.equals(mCertificateChain,
+ other.mCertificateChain);
}
}
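Review bot: The new block comment misspells the variable as `ojb.getClass()`; it should read `getClass().equals(obj.getClass()) is implied by the call to super.equals() above.` The unchecked cast that follows is safe only while AndroidKeyStoreKey.equals() performs an exact-class comparison, and that check is in another file and not visible in this diff. I would record the dependency in the comment, for example `Keep in sync with AndroidKeyStoreKey.equals(): the cast below relies on its getClass() check.` The start of equals() is outside the hunk.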
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
index 67358c4f3255..33411e1ec5b9 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java
@@ -601,8 +601,6 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
}
KeyProtection params = (KeyProtection) param;
- @SecurityLevel int securityLevel = params.isStrongBoxBacked() ? SecurityLevel.STRONGBOX :
- SecurityLevel.TRUSTED_ENVIRONMENT;
@Domain int targetDomain = (getTargetDomain());
if (key instanceof AndroidKeyStoreSecretKey) {
@@ -794,6 +792,9 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi {
flags |= IKeystoreSecurityLevel.KEY_FLAG_AUTH_BOUND_WITHOUT_CRYPTOGRAPHIC_LSKF_BINDING;
}
+ @SecurityLevel int securityLevel = params.isStrongBoxBacked() ? SecurityLevel.STRONGBOX :
+ SecurityLevel.TRUSTED_ENVIRONMENT;
+
try {
KeyStoreSecurityLevel securityLevelInterface = mKeyStore.getSecurityLevel(
securityLevel);
diff --git a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
index 850c55166edc..6fa1a694eb67 100644
--- a/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
+++ b/keystore/java/android/security/keystore2/KeyStoreCryptoOperationUtils.java
@@ -89,7 +89,7 @@ abstract class KeyStoreCryptoOperationUtils {
// specific sensor (the one that hasn't changed), and 2) currently the only
// signal to developers is the UserNotAuthenticatedException, which doesn't
// indicate a specific sensor.
- boolean canUnlockViaBiometrics = true;
+ boolean canUnlockViaBiometrics = biometricSids.length > 0;
for (long sid : biometricSids) {
if (!keySids.contains(sid)) {
canUnlockViaBiometrics = false;
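Review bot: The empty-array case that the changed initialiser now handles is not explained in the visible comment. With the old `true` initialiser, an empty biometricSids left the flag set because the loop body never ran. I would add a line such as `// No biometric SIDs at all: the key cannot be unlocked via biometrics.` above the assignment, and a unit test that passes an empty array, since the loop-over-nothing default is easy to reintroduce. The enclosing method starts and ends outside the hunk, so how the flag is consumed afterwards is not visible here.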