diff options
author | Kenny Root <kroot@google.com> | 2013-04-10 10:37:55 -0700 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2013-04-15 11:09:29 -0700 |
commit | 4622351159b51bf072fe12833b574cf38f9400c8 (patch) | |
tree | e8c71ae1cd0293863d679d9700cba106bb5a089c /keystore | |
parent | 5678bacdffb6871b0d5b428548315cc3bba430bd (diff) | |
download | frameworks_base-4622351159b51bf072fe12833b574cf38f9400c8.zip frameworks_base-4622351159b51bf072fe12833b574cf38f9400c8.tar.gz frameworks_base-4622351159b51bf072fe12833b574cf38f9400c8.tar.bz2 |
keystore: Add flag for blobs to be unencrypted
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
(cherry picked from commit a3788b00bb221e20abdd42f747d2af419e0a088c)
Bug: 8122243
Change-Id: Ifc1c64743651b23a4eace208ade0176af47ea989
Diffstat (limited to 'keystore')
-rw-r--r-- | keystore/java/android/security/KeyStore.java | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 852f0bb..309d3d3 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -40,6 +40,9 @@ public class KeyStore { public static final int UNDEFINED_ACTION = 9; public static final int WRONG_PASSWORD = 10; + // Flags for "put" and "import" + public static final int FLAG_ENCRYPTED = 1; + // States public enum State { UNLOCKED, LOCKED, UNINITIALIZED }; @@ -87,15 +90,19 @@ public class KeyStore { } } - public boolean put(String key, byte[] value, int uid) { + public boolean put(String key, byte[] value, int uid, int flags) { try { - return mBinder.insert(key, value, uid) == NO_ERROR; + return mBinder.insert(key, value, uid, flags) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; } } + public boolean put(String key, byte[] value, int uid) { + return put(key, value, uid, FLAG_ENCRYPTED); + } + public boolean put(String key, byte[] value) { return put(key, value, -1); } @@ -185,28 +192,36 @@ public class KeyStore { } } - public boolean generate(String key, int uid) { + public boolean generate(String key, int uid, int flags) { try { - return mBinder.generate(key, uid) == NO_ERROR; + return mBinder.generate(key, uid, flags) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; } } + public boolean generate(String key, int uid) { + return generate(key, uid, FLAG_ENCRYPTED); + } + public boolean generate(String key) { return generate(key, -1); } - public boolean importKey(String keyName, byte[] key, int uid) { + public boolean importKey(String keyName, byte[] key, int uid, int flags) { try { - return mBinder.import_key(keyName, key, uid) == NO_ERROR; + return mBinder.import_key(keyName, key, uid, flags) == NO_ERROR; } catch (RemoteException e) { Log.w(TAG, "Cannot connect to keystore", e); return false; } } + public boolean importKey(String keyName, byte[] key, int uid) { + return importKey(keyName, key, uid, FLAG_ENCRYPTED); + } + public boolean importKey(String keyName, byte[] key) { return importKey(keyName, key, -1); } |