path: root/keystore/java/android
Commit message (Author, Age, Files, Lines)
...
* | resolved conflicts for merge of b068f162 to master (Alex Klyubin, 2015-04-03, 7 files, -54/+78)
|\ \
| |/
| |   Change-Id: I5bc234e1da047880d3437a861ff93474a9797e18
| * Merge "Rename KeymasterException to KeyStoreException." (Alex Klyubin, 2015-04-03, 7 files, -51/+75)
| |\
| | * Rename KeymasterException to KeyStoreException. (Alex Klyubin, 2015-04-02, 7 files, -51/+75)
| | |   The code in question talks to KeyStore which returns error codes which are a mix of keystore and keymaster error codes. To better match the layering of KeyStore on top of keystore and keymaster, this CL renames KeymasterException into KeyStoreException. It also adds human-readable error messages to exceptions raised by keystore rather than keymaster (e.g., key not found).
| | |   Bug: 18088752
| | |   Change-Id: I4cd1235e16518c9f2e8c5557a457774c6e687b88
* | | am c869ac1b: am ec029e55: am b292e49b: Merge "Obtain SPI without using ↵ (Alex Klyubin, 2015-04-03, 1 file, -14/+7)
|\ \ \
| |/ /
| | |   Reflection."
| | |   * commit 'c869ac1b7d163282ffdebf4ce9b32c479766f52d':
| | |     Obtain SPI without using Reflection.
| * | Obtain SPI without using Reflection. (Alex Klyubin, 2015-04-03, 1 file, -14/+7)
| |/
| |   Bug: 18088752
| |   Change-Id: I76d42e17f5f28af6fd9a96ee812d286f6c6a085b
* | Add fingerprint-specific API to KeyPairGeneratorSpec. (Alex Klyubin, 2015-04-02, 1 file, -3/+39)
| |   This is identical to the existing API in KeyStoreParameter and KeyGeneratorSpec.
| |   Bug: 18088752
| |   Change-Id: I8aad4fdeb858cc9586f46d5a81561505914ac334
* | am 58031d5e: am 378df98e: am 3cc9e5d6: Merge "Improve the ↵ (Alex Klyubin, 2015-04-02, 2 files, -10/+18)
|\ \
| |/
| |   AndroidKeyStore-backed HMAC state machine."
| |   * commit '58031d5eb5531f8bc45ac1789ea1cc9134591358':
| |     Improve the AndroidKeyStore-backed HMAC state machine.
| * Merge "Improve the AndroidKeyStore-backed HMAC state machine." (Alex Klyubin, 2015-04-02, 2 files, -10/+18)
| |\
| | * Improve the AndroidKeyStore-backed HMAC state machine. (Alex Klyubin, 2015-04-01, 2 files, -10/+18)
| | |   This defers the start of a new KeyStore operation after Mac.doFinal until the next Mac.update or .doFinal. Previously, a new KeyStore operation was started immediately, at the end of doFinal.
| | |   Bug: 18088752
| | |   Change-Id: I2d594067ef261f519631d09f7a6087b715801656
* | | resolved conflicts for merge of e7e705d4 to master (Alex Klyubin, 2015-04-02, 3 files, -17/+458)
|\ \ \
| |/ /
| | |   Change-Id: If3e8c985f4f122f9fb36aab206787aac1407a74e
| * | Merge "Expose new key use constraints in KeyPairGeneratorSpec." (Alex Klyubin, 2015-04-02, 3 files, -17/+458)
| |\ \
| | * | Expose new key use constraints in KeyPairGeneratorSpec. (Alex Klyubin, 2015-04-02, 3 files, -17/+458)
| | |/
| | |   The constraints are currently ignored.
| | |   Bug: 18088752
| | |   Change-Id: Iabd2018200afb2bf8ac1748d1def47af74bfb9d3
* | | am a44e7fd6: am 957e982c: am d2eec1a7: Merge "Add exception types for ↵ (Alex Klyubin, 2015-04-02, 4 files, -0/+115)
|\ \ \
| |/ /
| | |   AndroidKeyStore key validity issues."
| | |   * commit 'a44e7fd6228638f25472e331241a5d1f5cfaacbf':
| | |     Add exception types for AndroidKeyStore key validity issues.
| * | Add exception types for AndroidKeyStore key validity issues. (Alex Klyubin, 2015-04-01, 4 files, -0/+115)
| |/
| |   Bug: 18088752
| |   Change-Id: I7494cb6a793e2b57bb849a4253bba2803778c161
* | Add fingerprint-specific AndroidKeyStore API. (Alex Klyubin, 2015-04-01, 9 files, -6/+153)
| |   Bug: 18088752
| |   Change-Id: I333d3ffc820d28ae678e28dafc2e8a24cb7eb073
* | am 66b96b59: am 78014a78: am 04047af6: Merge "Use Keymaster-friendly ↵ (Alex Klyubin, 2015-04-02, 3 files, -27/+41)
|\ \
| |/
| |   validity dates."
| |   * commit '66b96b59774838998b1e67f83f3d67be5cc3a3e2':
| |     Use Keymaster-friendly validity dates.
| * Use Keymaster-friendly validity dates. (Alex Klyubin, 2015-04-01, 3 files, -27/+41)
| |   Keymaster HAL currently requires that key validity start and end dates always be specified. The framework API does not. This CL expresses the framework API's "not specified" instants to Keymaster as instants in distant past or future.
| |   Bug: 18088752
| |   Change-Id: Ia9d66d5e57bfca30628cdef6e0925a2781a3acfb
* | am 838f054f: am a4ea4726: am c461452e: Merge "Hook in user authenticators ↵ (Alex Klyubin, 2015-04-01, 9 files, -30/+159)
|\ \
| |/
| |   and their exceptions."
| |   * commit '838f054f88447d575afff105810800d95dd3eb13':
| |     Hook in user authenticators and their exceptions.
| * Merge "Hook in user authenticators and their exceptions." (Alex Klyubin, 2015-04-01, 9 files, -30/+159)
| |\
| | * Hook in user authenticators and their exceptions. (Alex Klyubin, 2015-03-31, 9 files, -30/+159)
| | |   Bug: 18088752
| | |   Change-Id: I2835dbe51d09587a3081597c6aaf536aa1427e24
* | | am 93e029e0: am f00cdf68: am c6cc9d82: Merge "A way to obtain KeyStore ↵ (Alex Klyubin, 2015-04-01, 4 files, -3/+103)
|\ \ \
| |/ /
| | |   operation handle from crypto primitives."
| | |   * commit '93e029e0066737f9f09f6dfef95dc664dc236b15':
| | |     A way to obtain KeyStore operation handle from crypto primitives.
| * | A way to obtain KeyStore operation handle from crypto primitives. (Alex Klyubin, 2015-03-31, 4 files, -3/+103)
| |/
| |   This adds AndroidKeyStore.getKeyStoreOperationHandle method which can be used to obtain the KeyStore operation handle corresponding to the provided JCA crypto primitive (provided it's backed by AndroidKeyStore).
| |   Bug: 18088752
| |   Change-Id: Iaa3b6f9b2281b2ec2de8fd5946d353dc7fdb3d2d
* | am f0c71ceb: am 01e53ef1: am b7a34e49: Merge "Add license banner to recently ↵ (Alex Klyubin, 2015-04-01, 14 files, -0/+224)
|\ \
| |/
| |   added AndroidKeyStore files."
| |   * commit 'f0c71ceb8a9bbd9bbd793e599d08e29d77a509f8':
| |     Add license banner to recently added AndroidKeyStore files.
| * Add license banner to recently added AndroidKeyStore files. (Alex Klyubin, 2015-03-31, 14 files, -0/+224)
| |   Bug: 18088752
| |   Change-Id: I027f9530a02cca081aae8eb94833d2fdcb678e9a
* | am c230e190: am 9c0f257f: am 19e79e12: Merge "Add SecretKeyFactory backed by ↵ (Alex Klyubin, 2015-04-01, 6 files, -1/+445)
|\ \
| |/
| |   AndroidKeyStore."
| |   * commit 'c230e1908f6307913e5af644a6594cc0f9f3fb93':
| |     Add SecretKeyFactory backed by AndroidKeyStore.
| * Add SecretKeyFactory backed by AndroidKeyStore. (Alex Klyubin, 2015-03-31, 6 files, -1/+445)
| |   This factory provides a way to obtain information about a SecretKey backed by AndroidKeyStore. The information is provided in a form of an instance of KeyStoreKeySpec class.
| |   EXAMPLE
| |   SecretKeyFactory factory = SecretKeyFactory.getInstance(
| |           key.getAlgorithm(), "AndroidKeyStore");
| |   KeyStoreKeySpec keySpec = factory.getKeySpec(key, KeyStoreKeySpec.class);
| |   Bug: 18088752
| |   Change-Id: I26c9dd544f80230fe7039501eeb471eaf875452b
* | am d684ebd3: am 0bd10c21: am 5960c3d5: Merge "Add unauthenticated AES ↵ (Alex Klyubin, 2015-03-31, 7 files, -111/+758)
|\ \
| |/
| |   ciphers backed by AndroidKeyStore."
| |   * commit 'd684ebd3a62cb026048d9eebacddb0f824113a5e':
| |     Add unauthenticated AES ciphers backed by AndroidKeyStore.
| * Add unauthenticated AES ciphers backed by AndroidKeyStore. (Alex Klyubin, 2015-03-31, 7 files, -111/+758)
| |   This adds the following AES transformations:
| |   * AES/ECB/NoPadding
| |   * AES/ECB/PKCS7Padding
| |   * AES/CBC/NoPadding
| |   * AES/CBC/PKCS7Padding
| |   * AES/CTR/NoPadding
| |   Bug: 18088752
| |   Change-Id: I3e4702e59868f8f2225c31b1c159d20008b9999d
* | am 7ca65f09: am b000d129: am 6a6f0c7d: Merge "Add HmacSHA256 backed by ↵ (Alex Klyubin, 2015-03-30, 9 files, -4/+472)
|\ \
| |/
| |   AndroidKeyStore."
| |   * commit '7ca65f09013e807b6df61b2ba3e650a09ceff432':
| |     Add HmacSHA256 backed by AndroidKeyStore.
| * Merge "Add HmacSHA256 backed by AndroidKeyStore." (Alex Klyubin, 2015-03-30, 9 files, -4/+472)
| |\
| | * Add HmacSHA256 backed by AndroidKeyStore. (Alex Klyubin, 2015-03-30, 9 files, -4/+472)
| | |   This also adds the MAC length constraint on imported HMAC keys. HMAC doesn't work without this constraint at the moment.
| | |   Bug: 18088752
| | |   Change-Id: I8613f58f5d2a84df00bcf6179d13e30619440330
* | | am 7081a168: am 5341d83c: am f603e286: Merge "Add authorization binder methods" (Chad Brubaker, 2015-03-30, 1 file, -0/+30)
|\ \ \
| |/ /
| | |   * commit '7081a16859cdcf32f565379a8179ddc7b50b3c1d':
| | |     Add authorization binder methods
| * | Merge "Add authorization binder methods" (Chad Brubaker, 2015-03-30, 1 file, -0/+30)
| |\ \
| | |/
| |/|
| | * Add authorization binder methods (Chad Brubaker, 2015-03-17, 1 file, -0/+30)
| | |   Add methods for sending an auth token to keystore and to query the authorization state of a given operation.
| | |   Change-Id: I223df5c56ae2a251ef31cfe60f06c046c12a5cd8
* | | am 23c2b8e8: am d7e06104: am 36ee836d: Merge "Symmetric key generation for ↵ (Alex Klyubin, 2015-03-27, 7 files, -0/+765)
|\ \ \
| |/ /
| | |   AndroidKeyStore."
| | |   * commit '23c2b8e81ec5a6e0c344f09e728d87300ac29bc2':
| | |     Symmetric key generation for AndroidKeyStore.
| * | Symmetric key generation for AndroidKeyStore. (Alex Klyubin, 2015-03-27, 7 files, -0/+765)
| | |   This currently supports AES and HMAC with SHA-256.
| | |   Bug: 18088752
| | |   Change-Id: Ife55438cf4129b895295681bb35091cd37eb73fb
* | | am db22c659: am 3e89fac5: am dbd9a4b6: Merge "Allow entropy to be provided ↵ (Chad Brubaker, 2015-03-27, 1 file, -7/+7)
|\ \ \
| |/ /
| | |   to some operations"
| | |   * commit 'db22c6595c1b1949ff5473517609a7315b8e130f':
| | |     Allow entropy to be provided to some operations
| * | Allow entropy to be provided to some operations (Chad Brubaker, 2015-03-27, 1 file, -7/+7)
| | |   generateKey and begin can now optionally take an array of bytes to add to the rng entropy of the device before the operation. If entropy is specified and the device does not support add_rng_entropy or the call fails then that device will not be used, leading to fallback or error depending on the situation.
| | |   Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
* | | am 8e7df37c: am d880dc2f: am 274a4ee3: Merge "Symmetric key import for ↵ (Alex Klyubin, 2015-03-27, 6 files, -20/+1135)
|\ \ \
| |/ /
| | |   AndroidKeyStore."
| | |   * commit '8e7df37c9af178cd443c487f258773c0017501aa':
| | |     Symmetric key import for AndroidKeyStore.
| * | Symmetric key import for AndroidKeyStore. (Alex Klyubin, 2015-03-26, 6 files, -20/+1135)
| | |   AES and HmacSHA256 symmetric keys can now be imported into AndroidKeyStore. These keys cannot yet be used.
| | |   Bug: 18088752
| | |   Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c
* | | am 6558d4e7: am ee468ea8: am 6326f964: Merge "Make application/client id an ↵ (Chad Brubaker, 2015-03-25, 1 file, -2/+4)
|\ \ \
| |/ /
| | |   object"
| | |   * commit '6558d4e75e8a129b1b1a78824ed091962a2574ef':
| | |     Make application/client id an object
| * | Make application/client id an object (Chad Brubaker, 2015-03-21, 1 file, -2/+4)
| |/
| |   Having it as a raw byte[] caused issues in keystore because keymaster handles a null blob differently than a blob with null contents. Make this explicit in the API.
| |   Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
* | am f271fa33: am cdc70256: am f3c117ca: Merge "Add new IKeystoreService ↵ (Chad Brubaker, 2015-02-24, 1 file, -0/+111)
|\ \
| |/
| |   methods to KeyStore"
| |   * commit 'f271fa33f148b0c410e8ee06aceb1f2b57cd62c7':
| |     Add new IKeystoreService methods to KeyStore
| * Add new IKeystoreService methods to KeyStore (Chad Brubaker, 2015-02-23, 1 file, -0/+111)
| |   Add wrappers for all the new IKeystoreService keymaster 0.4 methods to android.security.KeyStore.
| |   Change-Id: Icb5500cfffb62d1af326edf326e1b9b67e5cece9
* | Device Policy API to choose a private key silently (Robin Lee, 2015-02-05, 1 file, -1/+55)
|/
|   Support for certificate chooser (keychain) to first query a profile owner (if one exists) for a silent credentials grant which will be passed back to the caller as an alias.
|   Bug: 15065444
|   Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
* Merge "Remove DSA support from Android KeyStore and KeyChain." (Alex Klyubin, 2015-01-16, 2 files, -9/+7)
|\
| * Remove DSA support from Android KeyStore and KeyChain. (Alex Klyubin, 2015-01-14, 2 files, -9/+7)
| |   We're switching from OpenSSL to BoringSSL which does not support DSA.
| |   Bug: 17409664
| |   Change-Id: Id9b52666ba9ef234076105c925610b5b312988a5
* | Merge "Add KeyPairGenerator.EC backed by Android KeyStore." (Alex Klyubin, 2015-01-16, 4 files, -90/+140)
|\ \
| |/
|/|
| * Add KeyPairGenerator.EC backed by Android KeyStore. (Alex Klyubin, 2015-01-14, 4 files, -90/+140)
| |   The Android KeyStore backed KeyPairGenerator can generate EC key pairs, but it cannot be instantiated via the standard JCA approach of KeyPairGenerator.getInstance("EC", "AndroidKeyStore"). Instead, the user must invoke KeyPairGenerator.getInstance("RSA", "AndroidKeyStore") and then tell it to generate an EC key pair. This CL fixes this weirdness. The fix requires the introduction of late resolution of key algorithm and default key size. Prior to this CL, these parameters were resolved prior to KeyPairGenerator initialization, inside KeyPairGeneratorSpec. In this CL, these parameters are resolved during KeyPairGenerator initialization. This is fine because KeyPairGeneratorSpec should be as dumb as possible and all the logic should reside in KeyPairGenerator and lower layers.
| |   Bug: 19018089
| |   Change-Id: I114502356e6c9691518cf05b6d9eb0920b4fe0b2
* | Generate IKeystoreService using aidl (Chad Brubaker, 2015-01-13, 1 file, -1/+2)
|/
|   This replaces IKeystoreService.java with IKeystoreService.aidl and changes the methods that passed down a byte[][] to instead pass down a KeystoreArguments which is currently a thin parcelable wrapper around a byte[][].
|   Change-Id: I6367bcf57562f41a27aab14f1903b74995cb65c2