Merge "Merge cherrypicks of [1532047, 1532728] into sparse-6719730-L66600000771150905" into sparse-6719730-L66600000771150905temp_b_183949145sparse-7039792-L71700000848891615sparse-7039792-L70200000848818895sparse-7039792-L55300000846717388sparse-7039792-L44400000849162800sparse-7039792-L27700000847585079sparse-7039792-L07600000848640428

10 files changed, 172 insertions, 24 deletions

diff --git a/buildSrc/src/main/kotlin/androidx/build/LibraryVersions.kt b/buildSrc/src/main/kotlin/androidx/build/LibraryVersions.kt
index dfca2fd2703..69595178432 100644
--- a/buildSrc/src/main/kotlin/androidx/build/LibraryVersions.kt
+++ b/buildSrc/src/main/kotlin/androidx/build/LibraryVersions.kt
@@ -89,7 +89,7 @@ object LibraryVersions {
     val REMOTECALLBACK = Version("1.0.0-alpha02")
     val ROOM = Version("2.3.0-alpha01")
     val SAVEDSTATE = Version("1.1.0-alpha01")
-    val SECURITY = Version("1.0.0-rc03")
+    val SECURITY = Version("1.0.0-rc04")
     val SECURITY_BIOMETRIC = Version("1.0.0-alpha01")
     val SECURITY_IDENTITY_CREDENTIAL = Version("1.0.0-alpha01")
     val SERIALIZATION = Version("1.0.0-alpha01")
diff --git a/security/crypto/api/1.0.0-rc04.txt b/security/crypto/api/1.0.0-rc04.txt
new file mode 100644
index 00000000000..3fb36a894d1
--- /dev/null
+++ b/security/crypto/api/1.0.0-rc04.txt
@@ -0,0 +1,49 @@
+// Signature format: 3.0
+package androidx.security.crypto {
+
+  public final class EncryptedFile {
+    method public java.io.FileInputStream openFileInput() throws java.security.GeneralSecurityException, java.io.IOException;
+    method public java.io.FileOutputStream openFileOutput() throws java.security.GeneralSecurityException, java.io.IOException;
+  }
+
+  public static final class EncryptedFile.Builder {
+    ctor public EncryptedFile.Builder(java.io.File, android.content.Context, String, androidx.security.crypto.EncryptedFile.FileEncryptionScheme);
+    method public androidx.security.crypto.EncryptedFile build() throws java.security.GeneralSecurityException, java.io.IOException;
+    method public androidx.security.crypto.EncryptedFile.Builder setKeysetAlias(String);
+    method public androidx.security.crypto.EncryptedFile.Builder setKeysetPrefName(String);
+  }
+
+  public enum EncryptedFile.FileEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedFile.FileEncryptionScheme AES256_GCM_HKDF_4KB;
+  }
+
+  public final class EncryptedSharedPreferences implements android.content.SharedPreferences {
+    method public boolean contains(String?);
+    method public static android.content.SharedPreferences create(String, String, android.content.Context, androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme, androidx.security.crypto.EncryptedSharedPreferences.PrefValueEncryptionScheme) throws java.security.GeneralSecurityException, java.io.IOException;
+    method public android.content.SharedPreferences.Editor edit();
+    method public java.util.Map<java.lang.String!,?> getAll();
+    method public boolean getBoolean(String?, boolean);
+    method public float getFloat(String?, float);
+    method public int getInt(String?, int);
+    method public long getLong(String?, long);
+    method public String? getString(String?, String?);
+    method public java.util.Set<java.lang.String!>? getStringSet(String?, java.util.Set<java.lang.String!>?);
+    method public void registerOnSharedPreferenceChangeListener(android.content.SharedPreferences.OnSharedPreferenceChangeListener);
+    method public void unregisterOnSharedPreferenceChangeListener(android.content.SharedPreferences.OnSharedPreferenceChangeListener);
+  }
+
+  public enum EncryptedSharedPreferences.PrefKeyEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme AES256_SIV;
+  }
+
+  public enum EncryptedSharedPreferences.PrefValueEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedSharedPreferences.PrefValueEncryptionScheme AES256_GCM;
+  }
+
+  public final class MasterKeys {
+    method public static String getOrCreate(android.security.keystore.KeyGenParameterSpec) throws java.security.GeneralSecurityException, java.io.IOException;
+    field public static final android.security.keystore.KeyGenParameterSpec AES256_GCM_SPEC;
+  }
+
+}
+
diff --git a/security/crypto/api/public_plus_experimental_1.0.0-rc04.txt b/security/crypto/api/public_plus_experimental_1.0.0-rc04.txt
new file mode 100644
index 00000000000..3fb36a894d1
--- /dev/null
+++ b/security/crypto/api/public_plus_experimental_1.0.0-rc04.txt
@@ -0,0 +1,49 @@
+// Signature format: 3.0
+package androidx.security.crypto {
+
+  public final class EncryptedFile {
+    method public java.io.FileInputStream openFileInput() throws java.security.GeneralSecurityException, java.io.IOException;
+    method public java.io.FileOutputStream openFileOutput() throws java.security.GeneralSecurityException, java.io.IOException;
+  }
+
+  public static final class EncryptedFile.Builder {
+    ctor public EncryptedFile.Builder(java.io.File, android.content.Context, String, androidx.security.crypto.EncryptedFile.FileEncryptionScheme);
+    method public androidx.security.crypto.EncryptedFile build() throws java.security.GeneralSecurityException, java.io.IOException;
+    method public androidx.security.crypto.EncryptedFile.Builder setKeysetAlias(String);
+    method public androidx.security.crypto.EncryptedFile.Builder setKeysetPrefName(String);
+  }
+
+  public enum EncryptedFile.FileEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedFile.FileEncryptionScheme AES256_GCM_HKDF_4KB;
+  }
+
+  public final class EncryptedSharedPreferences implements android.content.SharedPreferences {
+    method public boolean contains(String?);
+    method public static android.content.SharedPreferences create(String, String, android.content.Context, androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme, androidx.security.crypto.EncryptedSharedPreferences.PrefValueEncryptionScheme) throws java.security.GeneralSecurityException, java.io.IOException;
+    method public android.content.SharedPreferences.Editor edit();
+    method public java.util.Map<java.lang.String!,?> getAll();
+    method public boolean getBoolean(String?, boolean);
+    method public float getFloat(String?, float);
+    method public int getInt(String?, int);
+    method public long getLong(String?, long);
+    method public String? getString(String?, String?);
+    method public java.util.Set<java.lang.String!>? getStringSet(String?, java.util.Set<java.lang.String!>?);
+    method public void registerOnSharedPreferenceChangeListener(android.content.SharedPreferences.OnSharedPreferenceChangeListener);
+    method public void unregisterOnSharedPreferenceChangeListener(android.content.SharedPreferences.OnSharedPreferenceChangeListener);
+  }
+
+  public enum EncryptedSharedPreferences.PrefKeyEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme AES256_SIV;
+  }
+
+  public enum EncryptedSharedPreferences.PrefValueEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedSharedPreferences.PrefValueEncryptionScheme AES256_GCM;
+  }
+
+  public final class MasterKeys {
+    method public static String getOrCreate(android.security.keystore.KeyGenParameterSpec) throws java.security.GeneralSecurityException, java.io.IOException;
+    field public static final android.security.keystore.KeyGenParameterSpec AES256_GCM_SPEC;
+  }
+
+}
+
diff --git a/security/crypto/api/res-1.0.0-rc04.txt b/security/crypto/api/res-1.0.0-rc04.txt
new file mode 100644
index 00000000000..e69de29bb2d
--- /dev/null
+++ b/security/crypto/api/res-1.0.0-rc04.txt
diff --git a/security/crypto/api/restricted_1.0.0-rc04.txt b/security/crypto/api/restricted_1.0.0-rc04.txt
new file mode 100644
index 00000000000..3fb36a894d1
--- /dev/null
+++ b/security/crypto/api/restricted_1.0.0-rc04.txt
@@ -0,0 +1,49 @@
+// Signature format: 3.0
+package androidx.security.crypto {
+
+  public final class EncryptedFile {
+    method public java.io.FileInputStream openFileInput() throws java.security.GeneralSecurityException, java.io.IOException;
+    method public java.io.FileOutputStream openFileOutput() throws java.security.GeneralSecurityException, java.io.IOException;
+  }
+
+  public static final class EncryptedFile.Builder {
+    ctor public EncryptedFile.Builder(java.io.File, android.content.Context, String, androidx.security.crypto.EncryptedFile.FileEncryptionScheme);
+    method public androidx.security.crypto.EncryptedFile build() throws java.security.GeneralSecurityException, java.io.IOException;
+    method public androidx.security.crypto.EncryptedFile.Builder setKeysetAlias(String);
+    method public androidx.security.crypto.EncryptedFile.Builder setKeysetPrefName(String);
+  }
+
+  public enum EncryptedFile.FileEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedFile.FileEncryptionScheme AES256_GCM_HKDF_4KB;
+  }
+
+  public final class EncryptedSharedPreferences implements android.content.SharedPreferences {
+    method public boolean contains(String?);
+    method public static android.content.SharedPreferences create(String, String, android.content.Context, androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme, androidx.security.crypto.EncryptedSharedPreferences.PrefValueEncryptionScheme) throws java.security.GeneralSecurityException, java.io.IOException;
+    method public android.content.SharedPreferences.Editor edit();
+    method public java.util.Map<java.lang.String!,?> getAll();
+    method public boolean getBoolean(String?, boolean);
+    method public float getFloat(String?, float);
+    method public int getInt(String?, int);
+    method public long getLong(String?, long);
+    method public String? getString(String?, String?);
+    method public java.util.Set<java.lang.String!>? getStringSet(String?, java.util.Set<java.lang.String!>?);
+    method public void registerOnSharedPreferenceChangeListener(android.content.SharedPreferences.OnSharedPreferenceChangeListener);
+    method public void unregisterOnSharedPreferenceChangeListener(android.content.SharedPreferences.OnSharedPreferenceChangeListener);
+  }
+
+  public enum EncryptedSharedPreferences.PrefKeyEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedSharedPreferences.PrefKeyEncryptionScheme AES256_SIV;
+  }
+
+  public enum EncryptedSharedPreferences.PrefValueEncryptionScheme {
+    enum_constant public static final androidx.security.crypto.EncryptedSharedPreferences.PrefValueEncryptionScheme AES256_GCM;
+  }
+
+  public final class MasterKeys {
+    method public static String getOrCreate(android.security.keystore.KeyGenParameterSpec) throws java.security.GeneralSecurityException, java.io.IOException;
+    field public static final android.security.keystore.KeyGenParameterSpec AES256_GCM_SPEC;
+  }
+
+}
+
diff --git a/security/crypto/build.gradle b/security/crypto/build.gradle
index 4403e5836a2..3361c86d512 100644
--- a/security/crypto/build.gradle
+++ b/security/crypto/build.gradle
@@ -28,7 +28,7 @@ plugins {
 dependencies {
     api("androidx.annotation:annotation:1.1.0")
 
-    implementation("com.google.crypto.tink:tink-android:1.4.0")
+    implementation("com.google.crypto.tink:tink-android:1.5.0")
 
     androidTestImplementation(ANDROIDX_TEST_EXT_JUNIT)
     androidTestImplementation(ANDROIDX_TEST_CORE)
diff --git a/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java b/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java
index 301a4d263e0..0eb4a001a7e 100644
--- a/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java
+++ b/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedFileTest.java
@@ -28,10 +28,9 @@ import androidx.test.filters.SmallTest;
 
 import com.google.crypto.tink.KeysetHandle;
 import com.google.crypto.tink.StreamingAead;
-import com.google.crypto.tink.config.TinkConfig;
 import com.google.crypto.tink.integration.android.AndroidKeysetManager;
-import com.google.crypto.tink.streamingaead.StreamingAeadFactory;
-import com.google.crypto.tink.streamingaead.StreamingAeadKeyTemplates;
+import com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingKeyManager;
+import com.google.crypto.tink.streamingaead.StreamingAeadConfig;
 
 import org.junit.Assert;
 import org.junit.Before;
@@ -234,17 +233,17 @@ public class EncryptedFileTest {
         outputStream.flush();
         outputStream.close();
 
-        TinkConfig.register();
+        StreamingAeadConfig.register();
         KeysetHandle streadmingAeadKeysetHandle = new AndroidKeysetManager.Builder()
-                .withKeyTemplate(StreamingAeadKeyTemplates.AES256_GCM_HKDF_4KB)
+                .withKeyTemplate(AesGcmHkdfStreamingKeyManager.aes256GcmHkdf4KBTemplate())
                 .withSharedPref(mContext,
                         "__androidx_security_crypto_encrypted_file_keyset__",
                         "__androidx_security_crypto_encrypted_file_pref__")
                 .withMasterKeyUri(KEYSTORE_PATH_URI + mMasterKeyAlias)
                 .build().getKeysetHandle();
 
-        StreamingAead streamingAead = StreamingAeadFactory.getPrimitive(
-                streadmingAeadKeysetHandle);
+        StreamingAead streamingAead =
+                streadmingAeadKeysetHandle.getPrimitive(StreamingAead.class);
 
         FileInputStream fileInputStream = new FileInputStream(file);
         InputStream inputStream = streamingAead.newDecryptingStream(fileInputStream,
diff --git a/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedSharedPreferencesTest.java b/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedSharedPreferencesTest.java
index 0807ca9fd7e..9117c8dfbd3 100644
--- a/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedSharedPreferencesTest.java
+++ b/security/crypto/src/androidTest/java/androidx/security/crypto/EncryptedSharedPreferencesTest.java
@@ -32,11 +32,10 @@ import androidx.test.filters.MediumTest;
 import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.DeterministicAead;
 import com.google.crypto.tink.KeysetHandle;
-import com.google.crypto.tink.aead.AeadFactory;
-import com.google.crypto.tink.aead.AeadKeyTemplates;
-import com.google.crypto.tink.config.TinkConfig;
-import com.google.crypto.tink.daead.DeterministicAeadFactory;
-import com.google.crypto.tink.daead.DeterministicAeadKeyTemplates;
+import com.google.crypto.tink.aead.AeadConfig;
+import com.google.crypto.tink.aead.AesGcmKeyManager;
+import com.google.crypto.tink.daead.AesSivKeyManager;
+import com.google.crypto.tink.daead.DeterministicAeadConfig;
 import com.google.crypto.tink.integration.android.AndroidKeysetManager;
 import com.google.crypto.tink.subtle.Base64;
 
@@ -362,17 +361,18 @@ public class EncryptedSharedPreferencesTest {
         encryptedEditor.commit();
 
         // Set up Tink
-        TinkConfig.register();
+        DeterministicAeadConfig.register();
+        AeadConfig.register();
 
         KeysetHandle daeadKeysetHandle = new AndroidKeysetManager.Builder()
-                .withKeyTemplate(DeterministicAeadKeyTemplates.AES256_SIV)
+                .withKeyTemplate(AesSivKeyManager.aes256SivTemplate())
                 .withSharedPref(mContext,
                         "__androidx_security_crypto_encrypted_prefs_key_keyset__", tinkTestPrefs)
                 .withMasterKeyUri(KEYSTORE_PATH_URI + "_androidx_security_master_key_")
                 .build().getKeysetHandle();
 
-        DeterministicAead deterministicAead = DeterministicAeadFactory.getPrimitive(
-                daeadKeysetHandle);
+        DeterministicAead deterministicAead =
+                daeadKeysetHandle.getPrimitive(DeterministicAead.class);
         byte[] encryptedKey = deterministicAead.encryptDeterministically(testKey.getBytes(UTF_8),
                 tinkTestPrefs.getBytes());
         String encodedKey = Base64.encode(encryptedKey);
@@ -383,13 +383,13 @@ public class EncryptedSharedPreferencesTest {
         Assert.assertTrue("Key should exist if Tink is compatible.", keyExists);
 
         KeysetHandle aeadKeysetHandle = new AndroidKeysetManager.Builder()
-                .withKeyTemplate(AeadKeyTemplates.AES256_GCM)
+                .withKeyTemplate(AesGcmKeyManager.aes256GcmTemplate())
                 .withSharedPref(mContext,
                         "__androidx_security_crypto_encrypted_prefs_value_keyset__", tinkTestPrefs)
                 .withMasterKeyUri(KEYSTORE_PATH_URI + "_androidx_security_master_key_")
                 .build().getKeysetHandle();
 
-        Aead aead = AeadFactory.getPrimitive(aeadKeysetHandle);
+        Aead aead = aeadKeysetHandle.getPrimitive(Aead.class);
 
         String encryptedValue = sharedPreferences.getString(encodedKey, null);
         byte[] cipherText = Base64.decode(encryptedValue);
diff --git a/security/crypto/src/main/java/androidx/security/crypto/EncryptedFile.java b/security/crypto/src/main/java/androidx/security/crypto/EncryptedFile.java
index 76e886a119f..ed0ff0a6997 100644
--- a/security/crypto/src/main/java/androidx/security/crypto/EncryptedFile.java
+++ b/security/crypto/src/main/java/androidx/security/crypto/EncryptedFile.java
@@ -27,9 +27,9 @@ import androidx.annotation.NonNull;
 import com.google.crypto.tink.KeyTemplate;
 import com.google.crypto.tink.KeysetHandle;
 import com.google.crypto.tink.StreamingAead;
-import com.google.crypto.tink.config.TinkConfig;
 import com.google.crypto.tink.integration.android.AndroidKeysetManager;
 import com.google.crypto.tink.streamingaead.AesGcmHkdfStreamingKeyManager;
+import com.google.crypto.tink.streamingaead.StreamingAeadConfig;
 
 import java.io.File;
 import java.io.FileDescriptor;
@@ -163,7 +163,7 @@ public final class EncryptedFile {
          */
         @NonNull
         public EncryptedFile build() throws GeneralSecurityException, IOException {
-            TinkConfig.register();
+            StreamingAeadConfig.register();
 
             KeysetHandle streadmingAeadKeysetHandle = new AndroidKeysetManager.Builder()
                     .withKeyTemplate(mFileEncryptionScheme.getKeyTemplate())
diff --git a/security/crypto/src/main/java/androidx/security/crypto/EncryptedSharedPreferences.java b/security/crypto/src/main/java/androidx/security/crypto/EncryptedSharedPreferences.java
index b7dbdc9e517..0f727ceedc4 100644
--- a/security/crypto/src/main/java/androidx/security/crypto/EncryptedSharedPreferences.java
+++ b/security/crypto/src/main/java/androidx/security/crypto/EncryptedSharedPreferences.java
@@ -32,9 +32,10 @@ import com.google.crypto.tink.Aead;
 import com.google.crypto.tink.DeterministicAead;
 import com.google.crypto.tink.KeyTemplate;
 import com.google.crypto.tink.KeysetHandle;
+import com.google.crypto.tink.aead.AeadConfig;
 import com.google.crypto.tink.aead.AesGcmKeyManager;
-import com.google.crypto.tink.config.TinkConfig;
 import com.google.crypto.tink.daead.AesSivKeyManager;
+import com.google.crypto.tink.daead.DeterministicAeadConfig;
 import com.google.crypto.tink.integration.android.AndroidKeysetManager;
 import com.google.crypto.tink.subtle.Base64;
 
@@ -112,7 +113,8 @@ public final class EncryptedSharedPreferences implements SharedPreferences {
             @NonNull PrefKeyEncryptionScheme prefKeyEncryptionScheme,
             @NonNull PrefValueEncryptionScheme prefValueEncryptionScheme)
             throws GeneralSecurityException, IOException {
-        TinkConfig.register();
+        DeterministicAeadConfig.register();
+        AeadConfig.register();
 
         KeysetHandle daeadKeysetHandle = new AndroidKeysetManager.Builder()
                 .withKeyTemplate(prefKeyEncryptionScheme.getKeyTemplate())