diff options
| author | Kenny Root <kroot@google.com> | 2013-04-10 10:37:55 -0700 |
|---|---|---|
| committer | Kenny Root <kroot@google.com> | 2013-04-10 23:36:13 -0700 |
| commit | a3788b00bb221e20abdd42f747d2af419e0a088c (patch) | |
| tree | 227a48273035bfbf5f7d1beb53a43c1340bb7418 /keystore/java/android | |
| parent | f8a67f4f5dd4c5499a6e7148331f0286e31203ec (diff) | |
| download | frameworks_base-a3788b00bb221e20abdd42f747d2af419e0a088c.zip frameworks_base-a3788b00bb221e20abdd42f747d2af419e0a088c.tar.gz frameworks_base-a3788b00bb221e20abdd42f747d2af419e0a088c.tar.bz2 | |
keystore: Add flag for blobs to be unencrypted
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
Bug: 8122243
Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608
Diffstat (limited to 'keystore/java/android')
| -rw-r--r-- | keystore/java/android/security/KeyStore.java | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 852f0bb..309d3d3 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -40,6 +40,9 @@ public class KeyStore { public static final int UNDEFINED_ACTION = 9; public static final int WRONG_PASSWORD = 10; + // Flags for "put" and "import" + public static final int FLAG_ENCRYPTED = 1; + // States public enum State { UNLOCKED, LOCKED, UNINITIALIZED }; @@ -87,15 +90,19 @@ public class KeyStore { } } - public boolean put(String key, byte[] value, int uid) { + public boolean put(String key, byte[] value, int uid, int flags) { try { - return mBinder.insert(key, value, uid) == NO_ERROR; + return mBinder.insert(key, value, uid, flags) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; } } + public boolean put(String key, byte[] value, int uid) { + return put(key, value, uid, FLAG_ENCRYPTED); + } + public boolean put(String key, byte[] value) { return put(key, value, -1); } @@ -185,28 +192,36 @@ public class KeyStore { } } - public boolean generate(String key, int uid) { + public boolean generate(String key, int uid, int flags) { try { - return mBinder.generate(key, uid) == NO_ERROR; + return mBinder.generate(key, uid, flags) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; } } + public boolean generate(String key, int uid) { + return generate(key, uid, FLAG_ENCRYPTED); + } + public boolean generate(String key) { return generate(key, -1); } - public boolean importKey(String keyName, byte[] key, int uid) { + public boolean importKey(String keyName, byte[] key, int uid, int flags) { try { - return mBinder.import_key(keyName, key, uid) == NO_ERROR; + return mBinder.import_key(keyName, key, uid, flags) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; } } + public boolean importKey(String keyName, byte[] key, int uid) { + return importKey(keyName, key, uid, FLAG_ENCRYPTED); + } + public boolean importKey(String keyName, byte[] key) { return importKey(keyName, key, -1); } |