Unhide RecoverableKeyStoreLoader API.
Bug: 66499222
Test: GTS tests under development
Change-Id: I4285beaa26bc94d92f6213a34eb1e41ad0994d7a
diff --git a/core/java/android/security/keystore/KeychainProtectionParams.java b/core/java/android/security/keystore/KeychainProtectionParams.java
index a3cd431..a940fdc 100644
--- a/core/java/android/security/keystore/KeychainProtectionParams.java
+++ b/core/java/android/security/keystore/KeychainProtectionParams.java
@@ -260,9 +260,6 @@
}
};
- /**
- * @hide
- */
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mUserSecretType);
diff --git a/core/java/android/security/keystore/KeychainSnapshot.java b/core/java/android/security/keystore/KeychainSnapshot.java
index e03dd4a..23aec25 100644
--- a/core/java/android/security/keystore/KeychainSnapshot.java
+++ b/core/java/android/security/keystore/KeychainSnapshot.java
@@ -151,6 +151,8 @@
/**
* Builder for creating {@link KeychainSnapshot}.
+ *
+ * @hide
*/
public static class Builder {
private KeychainSnapshot mInstance = new KeychainSnapshot();
@@ -263,9 +265,6 @@
}
}
- /**
- * @hide
- */
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mSnapshotVersion);
diff --git a/core/java/android/security/keystore/recovery/BadCertificateFormatException.java b/core/java/android/security/keystore/recovery/BadCertificateFormatException.java
index fda3387..e0781a5 100644
--- a/core/java/android/security/keystore/recovery/BadCertificateFormatException.java
+++ b/core/java/android/security/keystore/recovery/BadCertificateFormatException.java
@@ -20,6 +20,7 @@
* Error thrown when the recovery agent supplies an invalid X509 certificate.
*
* @hide
+ * Deprecated
*/
public class BadCertificateFormatException extends RecoveryControllerException {
public BadCertificateFormatException(String msg) {
diff --git a/core/java/android/security/keystore/recovery/DecryptionFailedException.java b/core/java/android/security/keystore/recovery/DecryptionFailedException.java
index 93f033f..af00e05 100644
--- a/core/java/android/security/keystore/recovery/DecryptionFailedException.java
+++ b/core/java/android/security/keystore/recovery/DecryptionFailedException.java
@@ -16,6 +16,8 @@
package android.security.keystore.recovery;
+import android.annotation.SystemApi;
+
import java.security.GeneralSecurityException;
/**
@@ -24,8 +26,8 @@
*
* @hide
*/
+@SystemApi
public class DecryptionFailedException extends GeneralSecurityException {
-
public DecryptionFailedException(String msg) {
super(msg);
}
diff --git a/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java b/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java
index 9a03226..218d26e 100644
--- a/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java
+++ b/core/java/android/security/keystore/recovery/InternalRecoveryServiceException.java
@@ -16,8 +16,9 @@
package android.security.keystore.recovery;
-import java.security.GeneralSecurityException;
+import android.annotation.SystemApi;
+import java.security.GeneralSecurityException;
/**
* An error thrown when something went wrong internally in the recovery service.
*
@@ -26,6 +27,7 @@
*
* @hide
*/
+@SystemApi
public class InternalRecoveryServiceException extends GeneralSecurityException {
public InternalRecoveryServiceException(String msg) {
super(msg);
diff --git a/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java
index 7ccb909..a43952a 100644
--- a/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java
+++ b/core/java/android/security/keystore/recovery/KeyChainProtectionParams.java
@@ -18,6 +18,7 @@
import android.annotation.IntDef;
import android.annotation.NonNull;
+import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
@@ -47,6 +48,7 @@
*
* @hide
*/
+@SystemApi
public final class KeyChainProtectionParams implements Parcelable {
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -260,9 +262,6 @@
}
};
- /**
- * @hide
- */
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mUserSecretType);
diff --git a/core/java/android/security/keystore/recovery/KeyChainSnapshot.java b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java
index 9639bb5e..df535ed 100644
--- a/core/java/android/security/keystore/recovery/KeyChainSnapshot.java
+++ b/core/java/android/security/keystore/recovery/KeyChainSnapshot.java
@@ -17,6 +17,7 @@
package android.security.keystore.recovery;
import android.annotation.NonNull;
+import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
@@ -42,6 +43,7 @@
*
* @hide
*/
+@SystemApi
public final class KeyChainSnapshot implements Parcelable {
private static final int DEFAULT_MAX_ATTEMPTS = 10;
private static final long DEFAULT_COUNTER_ID = 1L;
@@ -151,10 +153,10 @@
/**
* Builder for creating {@link KeyChainSnapshot}.
+ * @hide
*/
public static class Builder {
- private KeyChainSnapshot
- mInstance = new KeyChainSnapshot();
+ private KeyChainSnapshot mInstance = new KeyChainSnapshot();
/**
* Snapshot version for given account.
@@ -264,9 +266,6 @@
}
}
- /**
- * @hide
- */
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mSnapshotVersion);
diff --git a/core/java/android/security/keystore/recovery/KeyDerivationParams.java b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
index 20631b0..fc909a0 100644
--- a/core/java/android/security/keystore/recovery/KeyDerivationParams.java
+++ b/core/java/android/security/keystore/recovery/KeyDerivationParams.java
@@ -18,9 +18,11 @@
import android.annotation.IntDef;
import android.annotation.NonNull;
+import android.annotation.SystemApi;
import android.os.Parcel;
import android.os.Parcelable;
+
import com.android.internal.util.Preconditions;
import java.lang.annotation.Retention;
@@ -32,6 +34,7 @@
*
* @hide
*/
+@SystemApi
public final class KeyDerivationParams implements Parcelable {
private final int mAlgorithm;
private byte[] mSalt;
@@ -61,6 +64,9 @@
return new KeyDerivationParams(ALGORITHM_SHA256, salt);
}
+ /**
+ * @hide
+ */
// TODO: Make private once legacy API is removed
public KeyDerivationParams(@KeyDerivationAlgorithm int algorithm, @NonNull byte[] salt) {
mAlgorithm = algorithm;
@@ -92,9 +98,6 @@
}
};
- /**
- * @hide
- */
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeInt(mAlgorithm);
diff --git a/core/java/android/security/keystore/recovery/LockScreenRequiredException.java b/core/java/android/security/keystore/recovery/LockScreenRequiredException.java
index acf893b..0062d29 100644
--- a/core/java/android/security/keystore/recovery/LockScreenRequiredException.java
+++ b/core/java/android/security/keystore/recovery/LockScreenRequiredException.java
@@ -16,6 +16,8 @@
package android.security.keystore.recovery;
+import android.annotation.SystemApi;
+
import java.security.GeneralSecurityException;
/**
@@ -25,6 +27,7 @@
*
* @hide
*/
+@SystemApi
public class LockScreenRequiredException extends GeneralSecurityException {
public LockScreenRequiredException(String msg) {
super(msg);
diff --git a/core/java/android/security/keystore/recovery/RecoveryClaim.java b/core/java/android/security/keystore/recovery/RecoveryClaim.java
index 11385d8..45c6b4ff 100644
--- a/core/java/android/security/keystore/recovery/RecoveryClaim.java
+++ b/core/java/android/security/keystore/recovery/RecoveryClaim.java
@@ -20,6 +20,7 @@
* An attempt to recover a keychain protected by remote secure hardware.
*
* @hide
+ * Deprecated
*/
public class RecoveryClaim {
diff --git a/core/java/android/security/keystore/recovery/RecoveryController.java b/core/java/android/security/keystore/recovery/RecoveryController.java
index 2087317..71a36f1 100644
--- a/core/java/android/security/keystore/recovery/RecoveryController.java
+++ b/core/java/android/security/keystore/recovery/RecoveryController.java
@@ -19,6 +19,7 @@
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.annotation.RequiresPermission;
+import android.annotation.SystemApi;
import android.app.PendingIntent;
import android.content.Context;
import android.content.pm.PackageManager.NameNotFoundException;
@@ -52,6 +53,7 @@
*
* @hide
*/
+@SystemApi
public class RecoveryController {
private static final String TAG = "RecoveryController";
@@ -236,12 +238,13 @@
/**
* Gets aliases of recoverable keys for the application.
+ *
* @param packageName which recoverable keys' aliases will be returned.
*
* @return {@code List} of all aliases.
*/
public List<String> getAliases(@Nullable String packageName)
- throws RemoteException, InternalRecoveryServiceException {
+ throws InternalRecoveryServiceException {
try {
// TODO: update aidl
Map<String, Integer> allStatuses = mBinder.getRecoveryStatus(packageName);
@@ -400,8 +403,8 @@
}
/**
- * Generates a key called {@code alias} and loads it into the recoverable key store. Returns the
- * raw material of the key.
+ * Generates a AES256/GCM/NoPADDING key called {@code alias} and loads it into the recoverable
+ * key store. Returns the raw material of the key.
*
* @param alias The key alias.
* @param account The account associated with the key
diff --git a/core/java/android/security/keystore/recovery/RecoveryControllerException.java b/core/java/android/security/keystore/recovery/RecoveryControllerException.java
index 0fb7c07..2733aca 100644
--- a/core/java/android/security/keystore/recovery/RecoveryControllerException.java
+++ b/core/java/android/security/keystore/recovery/RecoveryControllerException.java
@@ -22,6 +22,7 @@
* Base exception for errors thrown by {@link RecoveryController}.
*
* @hide
+ * Deprecated
*/
public abstract class RecoveryControllerException extends GeneralSecurityException {
RecoveryControllerException() { }
diff --git a/core/java/android/security/keystore/recovery/RecoverySession.java b/core/java/android/security/keystore/recovery/RecoverySession.java
index 11bea96..4db5d6e 100644
--- a/core/java/android/security/keystore/recovery/RecoverySession.java
+++ b/core/java/android/security/keystore/recovery/RecoverySession.java
@@ -17,6 +17,8 @@
package android.security.keystore.recovery;
import android.annotation.NonNull;
+import android.annotation.RequiresPermission;
+import android.annotation.SystemApi;
import android.os.RemoteException;
import android.os.ServiceSpecificException;
import android.util.Log;
@@ -32,6 +34,7 @@
*
* @hide
*/
+@SystemApi
public class RecoverySession implements AutoCloseable {
private static final String TAG = "RecoverySession";
@@ -48,6 +51,7 @@
/**
* A new session, started by {@code recoveryManager}.
*/
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
static RecoverySession newInstance(RecoveryController recoveryController) {
return new RecoverySession(recoveryController, newSessionId());
}
@@ -88,6 +92,7 @@
* @throws InternalRecoveryServiceException if an unexpected error occurred in the recovery
* service.
*/
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@NonNull public byte[] start(
@NonNull byte[] verifierPublicKey,
@NonNull byte[] vaultParams,
@@ -125,6 +130,7 @@
* @throws DecryptionFailedException if unable to decrypt the snapshot.
* @throws InternalRecoveryServiceException if an error occurs internal to the recovery service.
*/
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
public Map<String, byte[]> recoverKeys(
@NonNull byte[] recoveryKeyBlob,
@NonNull List<WrappedApplicationKey> applicationKeys)
@@ -158,9 +164,8 @@
/**
* Deletes all data associated with {@code session}. Should not be invoked directly but via
* {@link RecoverySession#close()}.
- *
- * @hide
*/
+ @RequiresPermission(android.Manifest.permission.RECOVER_KEYSTORE)
@Override
public void close() {
try {
diff --git a/core/java/android/security/keystore/recovery/SessionExpiredException.java b/core/java/android/security/keystore/recovery/SessionExpiredException.java
index abee62e..8c18e41 100644
--- a/core/java/android/security/keystore/recovery/SessionExpiredException.java
+++ b/core/java/android/security/keystore/recovery/SessionExpiredException.java
@@ -16,14 +16,16 @@
package android.security.keystore.recovery;
-import java.security.GeneralSecurityException;
+import android.annotation.SystemApi;
+import java.security.GeneralSecurityException;
/**
* Error thrown when attempting to use a {@link RecoverySession} that has since expired.
*
* @hide
*/
+@SystemApi
public class SessionExpiredException extends GeneralSecurityException {
public SessionExpiredException(String msg) {
super(msg);
diff --git a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
index 2719137..f360bbe9 100644
--- a/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
+++ b/core/java/android/security/keystore/recovery/WrappedApplicationKey.java
@@ -17,6 +17,8 @@
package android.security.keystore.recovery;
import android.annotation.NonNull;
+import android.annotation.SystemApi;
+
import android.os.Parcel;
import android.os.Parcelable;
@@ -36,6 +38,7 @@
*
* @hide
*/
+@SystemApi
public final class WrappedApplicationKey implements Parcelable {
private String mAlias;
// The only supported format is AES-256 symmetric key.
@@ -143,9 +146,6 @@
}
};
- /**
- * @hide
- */
@Override
public void writeToParcel(Parcel out, int flags) {
out.writeString(mAlias);