summaryrefslogtreecommitdiffstats
path: root/keystore
diff options
context:
space:
mode:
authorKenny Root <kroot@google.com>2013-04-10 10:37:55 -0700
committerKenny Root <kroot@google.com>2013-04-15 11:09:29 -0700
commit4622351159b51bf072fe12833b574cf38f9400c8 (patch)
treee8c71ae1cd0293863d679d9700cba106bb5a089c /keystore
parent5678bacdffb6871b0d5b428548315cc3bba430bd (diff)
downloadframeworks_base-4622351159b51bf072fe12833b574cf38f9400c8.zip
frameworks_base-4622351159b51bf072fe12833b574cf38f9400c8.tar.gz
frameworks_base-4622351159b51bf072fe12833b574cf38f9400c8.tar.bz2
keystore: Add flag for blobs to be unencrypted
In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs start to make less sense since the thing it's encrypting is usually a token and not any raw key material. (cherry picked from commit a3788b00bb221e20abdd42f747d2af419e0a088c) Bug: 8122243 Change-Id: Ifc1c64743651b23a4eace208ade0176af47ea989
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/KeyStore.java27
1 files changed, 21 insertions, 6 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 852f0bb..309d3d3 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -40,6 +40,9 @@ public class KeyStore {
public static final int UNDEFINED_ACTION = 9;
public static final int WRONG_PASSWORD = 10;
+ // Flags for "put" and "import"
+ public static final int FLAG_ENCRYPTED = 1;
+
// States
public enum State { UNLOCKED, LOCKED, UNINITIALIZED };
@@ -87,15 +90,19 @@ public class KeyStore {
}
}
- public boolean put(String key, byte[] value, int uid) {
+ public boolean put(String key, byte[] value, int uid, int flags) {
try {
- return mBinder.insert(key, value, uid) == NO_ERROR;
+ return mBinder.insert(key, value, uid, flags) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
+ public boolean put(String key, byte[] value, int uid) {
+ return put(key, value, uid, FLAG_ENCRYPTED);
+ }
+
public boolean put(String key, byte[] value) {
return put(key, value, -1);
}
@@ -185,28 +192,36 @@ public class KeyStore {
}
}
- public boolean generate(String key, int uid) {
+ public boolean generate(String key, int uid, int flags) {
try {
- return mBinder.generate(key, uid) == NO_ERROR;
+ return mBinder.generate(key, uid, flags) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
+ public boolean generate(String key, int uid) {
+ return generate(key, uid, FLAG_ENCRYPTED);
+ }
+
public boolean generate(String key) {
return generate(key, -1);
}
- public boolean importKey(String keyName, byte[] key, int uid) {
+ public boolean importKey(String keyName, byte[] key, int uid, int flags) {
try {
- return mBinder.import_key(keyName, key, uid) == NO_ERROR;
+ return mBinder.import_key(keyName, key, uid, flags) == NO_ERROR;
} catch (RemoteException e) {
Log.w(TAG, "Cannot connect to keystore", e);
return false;
}
}
+ public boolean importKey(String keyName, byte[] key, int uid) {
+ return importKey(keyName, key, uid, FLAG_ENCRYPTED);
+ }
+
public boolean importKey(String keyName, byte[] key) {
return importKey(keyName, key, -1);
}