Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / c7dc355feb1b9c69de1160ab4133e189ee7811c0 / . / services / tests / servicestests / src / com / android / server / locksettings / recoverablekeystore / PlatformKeyManagerTest.java
blob: 821d97acc23022dba5a07d09fdf4b23df64c5263 [file] [log] [blame]
/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.server.locksettings.recoverablekeystore;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.testng.Assert.expectThrows;
import android.app.KeyguardManager;
import android.content.Context;
import android.os.RemoteException;
import android.security.GateKeeper;
import android.security.keystore.AndroidKeyStoreSecretKey;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
import android.service.gatekeeper.IGateKeeperService;
import androidx.test.InstrumentationRegistry;
import androidx.test.filters.SmallTest;
import androidx.test.runner.AndroidJUnit4;
import com.android.server.locksettings.recoverablekeystore.storage.RecoverableKeyStoreDb;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Captor;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import java.io.File;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.List;
import javax.crypto.KeyGenerator;
@SmallTest
@RunWith(AndroidJUnit4.class)
public class PlatformKeyManagerTest {
private static final String DATABASE_FILE_NAME = "recoverablekeystore.db";
private static final int USER_AUTHENTICATION_VALIDITY_DURATION_SECONDS = 15;
private static final int USER_ID_FIXTURE = 42;
private static final long USER_SID = 4200L;
private static final String KEY_ALGORITHM = "AES";
private static final String ANDROID_KEY_STORE_PROVIDER = "AndroidKeyStore";
private static final String TESTING_KEYSTORE_KEY_ALIAS = "testing-key-store-key-alias";
@Mock private Context mContext;
@Mock private KeyStoreProxy mKeyStoreProxy;
@Mock private KeyguardManager mKeyguardManager;
@Mock private IGateKeeperService mGateKeeperService;
@Captor private ArgumentCaptor<KeyStore.ProtectionParameter> mProtectionParameterCaptor;
@Captor private ArgumentCaptor<KeyStore.Entry> mEntryArgumentCaptor;
private RecoverableKeyStoreDb mRecoverableKeyStoreDb;
private File mDatabaseFile;
private PlatformKeyManager mPlatformKeyManager;
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
Context context = InstrumentationRegistry.getTargetContext();
mDatabaseFile = context.getDatabasePath(DATABASE_FILE_NAME);
mRecoverableKeyStoreDb = RecoverableKeyStoreDb.newInstance(context);
mPlatformKeyManager = new PlatformKeyManagerTestable(
mContext, mKeyStoreProxy, mRecoverableKeyStoreDb, mGateKeeperService);
when(mContext.getSystemService(anyString())).thenReturn(mKeyguardManager);
when(mContext.getSystemServiceName(any())).thenReturn("test");
when(mKeyguardManager.isDeviceSecure(USER_ID_FIXTURE)).thenReturn(true);
when(mGateKeeperService.getSecureUserId(USER_ID_FIXTURE)).thenReturn(USER_SID);
}
@After
public void tearDown() {
mRecoverableKeyStoreDb.close();
mDatabaseFile.delete();
}
@Test
public void init_createsEncryptKeyWithCorrectAlias() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
verify(mKeyStoreProxy).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"),
any(),
any());
}
@Test
public void init_createsEncryptKeyWithCorrectPurposes() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(KeyProperties.PURPOSE_ENCRYPT, getEncryptKeyProtection().getPurposes());
}
@Test
public void init_createsEncryptKeyWithCorrectPaddings() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertArrayEquals(
new String[] { KeyProperties.ENCRYPTION_PADDING_NONE },
getEncryptKeyProtection().getEncryptionPaddings());
}
@Test
public void init_createsEncryptKeyWithCorrectBlockModes() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertArrayEquals(
new String[] { KeyProperties.BLOCK_MODE_GCM },
getEncryptKeyProtection().getBlockModes());
}
@Test
public void init_createsEncryptKeyWithoutAuthenticationRequired() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertFalse(getEncryptKeyProtection().isUserAuthenticationRequired());
}
@Test
public void init_createsDecryptKeyWithCorrectAlias() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
verify(mKeyStoreProxy).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any(),
any());
}
@Test
public void init_createsDecryptKeyWithCorrectPurposes() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(KeyProperties.PURPOSE_DECRYPT, getDecryptKeyProtection().getPurposes());
}
@Test
public void init_createsDecryptKeyWithCorrectPaddings() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertArrayEquals(
new String[] { KeyProperties.ENCRYPTION_PADDING_NONE },
getDecryptKeyProtection().getEncryptionPaddings());
}
@Test
public void init_createsDecryptKeyWithCorrectBlockModes() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertArrayEquals(
new String[] { KeyProperties.BLOCK_MODE_GCM },
getDecryptKeyProtection().getBlockModes());
}
@Test
public void init_createsDecryptKeyWithAuthenticationRequired() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertTrue(getDecryptKeyProtection().isUserAuthenticationRequired());
}
@Test
public void init_createsDecryptKeyWithAuthenticationValidFor15Seconds() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(
USER_AUTHENTICATION_VALIDITY_DURATION_SECONDS,
getDecryptKeyProtection().getUserAuthenticationValidityDurationSeconds());
}
@Test
public void init_createsDecryptKeyBoundToTheUsersAuthentication() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(
USER_SID,
getDecryptKeyProtection().getBoundToSpecificSecureUserId());
}
@Test
public void init_doesNotCreateDecryptKeyIfNoSid() throws Exception {
when(mGateKeeperService.getSecureUserId(USER_ID_FIXTURE))
.thenReturn(GateKeeper.INVALID_SECURE_USER_ID);
mPlatformKeyManager.init(USER_ID_FIXTURE);
verify(mKeyStoreProxy, never()).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any(),
any());
}
@Test
public void init_doesNotCreateDecryptKeyOnGateKeeperException() throws Exception {
when(mGateKeeperService.getSecureUserId(USER_ID_FIXTURE)).thenThrow(new RemoteException());
expectThrows(RemoteException.class, () -> mPlatformKeyManager.init(USER_ID_FIXTURE));
verify(mKeyStoreProxy, never()).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any(),
any());
}
@Test
public void init_createsBothKeysWithSameMaterial() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
verify(mKeyStoreProxy, times(2)).setEntry(any(), mEntryArgumentCaptor.capture(), any());
List<KeyStore.Entry> entries = mEntryArgumentCaptor.getAllValues();
assertArrayEquals(
((KeyStore.SecretKeyEntry) entries.get(0)).getSecretKey().getEncoded(),
((KeyStore.SecretKeyEntry) entries.get(1)).getSecretKey().getEncoded());
}
@Test
public void init_savesGenerationIdToDatabase() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(1,
mRecoverableKeyStoreDb.getPlatformKeyGenerationId(USER_ID_FIXTURE));
}
@Test
public void init_setsGenerationIdTo1() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(1, mPlatformKeyManager.getGenerationId(USER_ID_FIXTURE));
}
@Test
public void init_incrementsGenerationIdIfKeyIsUnavailable() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(2, mPlatformKeyManager.getGenerationId(USER_ID_FIXTURE));
}
@Test
public void init_doesNotIncrementGenerationIdIfKeyAvailable() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
mPlatformKeyManager.init(USER_ID_FIXTURE);
assertEquals(1, mPlatformKeyManager.getGenerationId(USER_ID_FIXTURE));
}
@Test
public void getGenerationId_returnsMinusOneIfNotInitialized() throws Exception {
assertEquals(-1, mPlatformKeyManager.getGenerationId(USER_ID_FIXTURE));
}
@Test
public void getDecryptKey_getsDecryptKeyWithCorrectAlias() throws Exception {
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
when(mKeyStoreProxy.getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any())).thenReturn(generateAndroidKeyStoreKey());
mPlatformKeyManager.getDecryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any());
}
@Test
public void getDecryptKey_generatesNewKeyIfOldDecryptKeyWasRemoved() throws Exception {
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(false); // was removed
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/encrypt")).thenReturn(true); // new version is available
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/decrypt")).thenReturn(true);
when(mKeyStoreProxy.getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/decrypt"),
any())).thenReturn(generateAndroidKeyStoreKey());
mPlatformKeyManager.getDecryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).containsAlias(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"));
// Attempt to get regenerated key.
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/decrypt"),
any());
}
@Test
public void getDecryptKey_generatesNewKeyIfOldEncryptKeyWasRemoved() throws Exception {
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(false); // was removed
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/decrypt")).thenReturn(true);
mPlatformKeyManager.getDecryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).containsAlias(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"));
// Attempt to get regenerated key.
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/decrypt"),
any());
}
@Test
public void getEncryptKey_generatesNewKeyIfOldOneIsInvalid() throws Exception {
doThrow(new UnrecoverableKeyException()).when(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"),
any());
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/decrypt")).thenReturn(true);
mPlatformKeyManager.getEncryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"),
any());
// Attempt to get regenerated key.
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/encrypt"),
any());
}
@Test
public void getDecryptKey_generatesNewKeyIfOldOneIsInvalid() throws Exception {
doThrow(new UnrecoverableKeyException()).when(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any());
when(mKeyStoreProxy.getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/decrypt"),
any())).thenReturn(generateAndroidKeyStoreKey());
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/decrypt")).thenReturn(true);
mPlatformKeyManager.getDecryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).containsAlias(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"));
// Attempt to get regenerated key.
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/decrypt"),
any());
}
@Test
public void getEncryptKey_generatesNewKeyIfDecryptKeyIsUnrecoverable() throws Exception {
doThrow(new UnrecoverableKeyException()).when(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any());
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(false); // was removed
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/encrypt")).thenReturn(true); // new version is available
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/decrypt")).thenReturn(true);
mPlatformKeyManager.getEncryptKey(USER_ID_FIXTURE);
// Attempt to get regenerated key.
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/encrypt"),
any());
}
@Test
public void getEncryptKey_generatesNewKeyIfOldDecryptKeyWasRemoved() throws Exception {
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(false); // was removed
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/encrypt")).thenReturn(true); // new version is available
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/decrypt")).thenReturn(true);
mPlatformKeyManager.getEncryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).containsAlias(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"));
// Attempt to get regenerated key.
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/encrypt"),
any());
}
@Test
public void getEncryptKey_generatesNewKeyIfOldEncryptKeyWasRemoved() throws Exception {
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(false); // was removed
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/2/decrypt")).thenReturn(true);
mPlatformKeyManager.getEncryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).containsAlias(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"));
// Attempt to get regenerated key.
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/encrypt"),
any());
}
@Test
public void getEncryptKey_getsEncryptKeyWithCorrectAlias() throws Exception {
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/encrypt")).thenReturn(true);
when(mKeyStoreProxy
.containsAlias("com.android.server.locksettings.recoverablekeystore/"
+ "platform/42/1/decrypt")).thenReturn(true);
mPlatformKeyManager.getEncryptKey(USER_ID_FIXTURE);
verify(mKeyStoreProxy).getKey(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"),
any());
}
@Test
public void regenerate_incrementsTheGenerationId() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
mPlatformKeyManager.regenerate(USER_ID_FIXTURE);
assertEquals(2, mPlatformKeyManager.getGenerationId(USER_ID_FIXTURE));
}
@Test
public void regenerate_deletesOldKeysFromKeystore() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
mPlatformKeyManager.regenerate(USER_ID_FIXTURE);
verify(mKeyStoreProxy).deleteEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"));
verify(mKeyStoreProxy).deleteEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"));
mPlatformKeyManager.regenerate(USER_ID_FIXTURE);
// Removes second generation keys.
verify(mKeyStoreProxy).deleteEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/encrypt"));
verify(mKeyStoreProxy).deleteEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/decrypt"));
}
@Test
public void regenerate_generatesANewEncryptKeyWithTheCorrectAlias() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
mPlatformKeyManager.regenerate(USER_ID_FIXTURE);
verify(mKeyStoreProxy).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/encrypt"),
any(),
any());
}
@Test
public void regenerate_generatesANewDecryptKeyWithTheCorrectAlias() throws Exception {
mPlatformKeyManager.init(USER_ID_FIXTURE);
mPlatformKeyManager.regenerate(USER_ID_FIXTURE);
verify(mKeyStoreProxy).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/2/decrypt"),
any(),
any());
}
private KeyProtection getEncryptKeyProtection() throws Exception {
verify(mKeyStoreProxy).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/encrypt"),
any(),
mProtectionParameterCaptor.capture());
return (KeyProtection) mProtectionParameterCaptor.getValue();
}
private KeyProtection getDecryptKeyProtection() throws Exception {
verify(mKeyStoreProxy).setEntry(
eq("com.android.server.locksettings.recoverablekeystore/platform/42/1/decrypt"),
any(),
mProtectionParameterCaptor.capture());
return (KeyProtection) mProtectionParameterCaptor.getValue();
}
private AndroidKeyStoreSecretKey generateAndroidKeyStoreKey() throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance(
KEY_ALGORITHM,
ANDROID_KEY_STORE_PROVIDER);
keyGenerator.init(new KeyGenParameterSpec.Builder(TESTING_KEYSTORE_KEY_ALIAS,
KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build());
return (AndroidKeyStoreSecretKey) keyGenerator.generateKey();
}
class PlatformKeyManagerTestable extends PlatformKeyManager {
private IGateKeeperService mGateKeeperService;
PlatformKeyManagerTestable(
Context context,
KeyStoreProxy keyStoreProxy,
RecoverableKeyStoreDb database,
IGateKeeperService gateKeeperService) {
super(context, keyStoreProxy, database);
mGateKeeperService = gateKeeperService;
}
@Override
IGateKeeperService getGateKeeperService() {
return mGateKeeperService;
}
}
}