| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
AndroidKeyStore key validity issues."
* commit 'a44e7fd6228638f25472e331241a5d1f5cfaacbf':
Add exception types for AndroidKeyStore key validity issues.
|
| |/
| |
| |
| |
| | |
Bug: 18088752
Change-Id: I7494cb6a793e2b57bb849a4253bba2803778c161
|
| |
| |
| |
| |
| | |
Bug: 18088752
Change-Id: I333d3ffc820d28ae678e28dafc2e8a24cb7eb073
|
|\ \
| |/
| |
| |
| |
| |
| | |
validity dates."
* commit '66b96b59774838998b1e67f83f3d67be5cc3a3e2':
Use Keymaster-friendly validity dates.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Keymaster HAL currently requires that key validity start and end dates
always be specified. The framework API does not. This CL expresses
the framework API's "not specified" instants to Keymaster as instants
in distant past or future.
Bug: 18088752
Change-Id: Ia9d66d5e57bfca30628cdef6e0925a2781a3acfb
|
|\ \
| |/
| |
| |
| |
| |
| | |
and their exceptions."
* commit '838f054f88447d575afff105810800d95dd3eb13':
Hook in user authenticators and their exceptions.
|
| |\ |
|
| | |
| | |
| | |
| | |
| | | |
Bug: 18088752
Change-Id: I2835dbe51d09587a3081597c6aaf536aa1427e24
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
operation handle from crypto primitives."
* commit '93e029e0066737f9f09f6dfef95dc664dc236b15':
A way to obtain KeyStore operation handle from crypto primitives.
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds AndroidKeyStore.getKeyStoreOperationHandle method which can
be used to obtain the KeyStore operation handle corresponding to the
provided JCA cryto primitive (provided it's backed by
AndroidKeyStore).
Bug: 18088752
Change-Id: Iaa3b6f9b2281b2ec2de8fd5946d353dc7fdb3d2d
|
|\ \
| |/
| |
| |
| |
| |
| | |
added AndroidKeyStore files."
* commit 'f0c71ceb8a9bbd9bbd793e599d08e29d77a509f8':
Add license banner to recently added AndroidKeyStore files.
|
| |
| |
| |
| |
| | |
Bug: 18088752
Change-Id: I027f9530a02cca081aae8eb94833d2fdcb678e9a
|
|\ \
| |/
| |
| |
| |
| |
| | |
AndroidKeyStore."
* commit 'c230e1908f6307913e5af644a6594cc0f9f3fb93':
Add SecretKeyFactory backed by AndroidKeyStore.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This factory provides a way to obtain information about a SecretKey
backed by AndroidKeyStore. The information is provided in a form of an
instance of KeyStoreKeySpec class.
EXAMPLE
SecretKeyFactory factory = SecretKeyFactory.getInstance(
key.getAlgorithm(), "AndroidKeyStore");
KeyStoreKeySpec keySpec =
factory.getKeySpec(key, KeyStoreKeySpec.class);
Bug: 18088752
Change-Id: I26c9dd544f80230fe7039501eeb471eaf875452b
|
|\ \
| |/
| |
| |
| |
| |
| | |
ciphers backed by AndroidKeyStore."
* commit 'd684ebd3a62cb026048d9eebacddb0f824113a5e':
Add unauthenticated AES ciphers backed by AndroidKeyStore.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds the following AES transformations:
* AES/ECB/NoPadding
* AES/ECB/PKCS7Padding
* AES/CBC/NoPadding
* AES/CBC/PKCS7Padding
* AES/CTR/NoPadding
Bug: 18088752
Change-Id: I3e4702e59868f8f2225c31b1c159d20008b9999d
|
|\ \
| |/
| |
| |
| |
| |
| | |
AndroidKeyStore."
* commit '7ca65f09013e807b6df61b2ba3e650a09ceff432':
Add HmacSHA256 backed by AndroidKeyStore.
|
| |\ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This also adds the MAC length constraint on imported HMAC keys. HMAC
doesn't work without this constraint at the moment.
Bug: 18088752
Change-Id: I8613f58f5d2a84df00bcf6179d13e30619440330
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* commit '7081a16859cdcf32f565379a8179ddc7b50b3c1d':
Add authorization binder methods
|
| |\ \
| | |/
| |/| |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add methods for sending an auth token to keystore and to query the
authorization state of a given operation.
Change-Id: I223df5c56ae2a251ef31cfe60f06c046c12a5cd8
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
AndroidKeyStore."
* commit '23c2b8e81ec5a6e0c344f09e728d87300ac29bc2':
Symmetric key generation for AndroidKeyStore.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This currently supports AES and HMAC with SHA-256.
Bug: 18088752
Change-Id: Ife55438cf4129b895295681bb35091cd37eb73fb
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
to some operations"
* commit 'db22c6595c1b1949ff5473517609a7315b8e130f':
Allow entropy to be provided to some operations
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
AndroidKeyStore."
* commit '8e7df37c9af178cd443c487f258773c0017501aa':
Symmetric key import for AndroidKeyStore.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
AES and HmacSHA256 symmetric keys can now be imported into
AndroidKeyStore. These keys cannot yet be used.
Bug: 18088752
Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
object"
* commit '6558d4e75e8a129b1b1a78824ed091962a2574ef':
Make application/client id an object
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
|
|\ \
| |/
| |
| |
| |
| |
| | |
methods to KeyStore"
* commit 'f271fa33f148b0c410e8ee06aceb1f2b57cd62c7':
Add new IKeystoreService methods to KeyStore
|
| |
| |
| |
| |
| |
| |
| | |
Add wrappers for all the new IKeystoreService keymaster 0.4 methods to
android.security.KeyStore.
Change-Id: Icb5500cfffb62d1af326edf326e1b9b67e5cece9
|
|/
|
|
|
|
|
|
|
| |
Support for certificate chooser (keychain) to first query a profile
owner (if one exists) for a silent credentials grant which will be
passed back to the caller as an alias.
Bug: 15065444
Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
|
|\ |
|
| |
| |
| |
| |
| |
| |
| | |
We're switching from OpenSSL to BoringSSL which does not support DSA.
Bug: 17409664
Change-Id: Id9b52666ba9ef234076105c925610b5b312988a5
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Android KeyStore backed KeyPairGenerator can generate EC key
pairs, but it cannot be instantiated via the standard JCA approach of
KeyPairGenerator.getInstance("EC", "AndroidKeyStore"). Instead, the
user must invoke KeyPairGenerator.getInstance("RSA",
"AndroidKeyStore") and then tell it to generate an EC key pair.
This CL fixes this weirdness.
The fix requires the introduction of late resolution of key algorithm
and default key size. Prior to this CL, these parameters were resolved
prior to KeyPairGenerator initialization, inside KeyPairGeneratorSpec.
In this CL, these parameters are resolved during KeyPairGenerator
initialization. This is fine because KeyPairGeneratorSpec should be as
dumb as possible and all the logic should reside in KeyPairGenerator
and lower layers.
Bug: 19018089
Change-Id: I114502356e6c9691518cf05b6d9eb0920b4fe0b2
|
|/
|
|
|
|
|
|
| |
This replaces IKeystoreService.java with IKeystoreService.aidl and
changes the methods that passed down a byte[][] to instead pass down a
KeystoreArguments which is currently a thin parcelable wrapper around a byte[][].
Change-Id: I6367bcf57562f41a27aab14f1903b74995cb65c2
|
|
|
|
| |
Change-Id: I8814fd0720acf09332927f184fdd9b2cdac4f413
|
|
|
|
|
|
|
|
| |
Additional device policy API to install keypairs to the keychain
silently.
Bug: 15065444
Change-Id: Idc25774c9ab1a61080290bebd6f5c4f24e6ee2e0
|
|
|
|
|
| |
Bug:16029580
Change-Id: I41a3bd2f3bd95550e59f1d0d0acd0e765d7b62d7
|
|
|
|
|
|
|
|
| |
Fixes setting a keyguard password for keystore in a multi-user setup
while we're at it.
Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
|
|
|
|
|
|
|
|
| |
settings"""""
This reverts commit c9249c69813c6fb889d71d84583c67ae2942e6de.
Change-Id: I5504fddaf7b18efb73cd6c76678b3b39ce9b0229
|
|
|
|
|
|
|
|
|
|
| |
settings""""
This reverts commit 87efe74e092236c372d3b6909009641123aa416a.
This should be fine now with all the dependency CLs +2-ed
Change-Id: I96ad14ad5ff81e6b5391035cb6c5a62339c6cc40
|
|
|
|
|
|
| |
This reverts commit 19c8ce291e89a9ef1442a20e1feab421b11536d7.
Change-Id: Ie5a5571127311e0a29f314c0566e779cfe940b53
|
|
|
|
|
|
| |
This reverts commit 0f0de0bdd021bad5f85fdb0399a4ea91a1611e25.
Change-Id: Ia3d0907e3d7c2ec42d64e45f60e3dfaffb932c3d
|
|
|
|
|
|
| |
This reverts commit 4fde5aa9fab931d9becfc49f7d7b8526ad5640d9.
Change-Id: I581c38d64e9829b0079bafa42615f2aa0bf64763
|
|
|
|
|
|
|
|
|
|
| |
Trusted credentials for both the primary user and its managed profiles are shown
on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling
of certificates) remain available.
Bug: 16029580
Change-Id: Ia92ae02d8c572bf4a3be172f6c255726cefc0fa1
|
|\ |
|
| |
| |
| |
| |
| |
| | |
This reverts commit 792b270dbdc980cfe04e8d461bf00a1f45b5e936.
Change-Id: I18c7e0eca39868230cd8e4f4bbeb3c44ff9e8b78
|