| Commit message | Author | Age | Files | Lines |

This CL ensures that Android Keystore framework code complies with
signedness of keymaster tags. In particular:
* INT tags are unsigned 32-bit numbers, and
* LONG and DATE tags are unsigned 64-bit numbers.
To ensure compliance, KeymasterArguments and KeyCharacteristics
classes through which Android Keystore interacts with Keymaster tags
have been modified as follows:
* ENUM and INT tags which used to be conflated are now added/queried
via separate methods, because ENUM can remain represented as an int
data type whereas INT is now represented as a long data type with
permitted range being [0; 2^32).
* Methods for adding/querying LONG tags have been switched from the long
data type to the BigInteger data type and now ensure that the value
is in the permitted range [0; 2^63).
* Methods for adding/querying DATE tags now ensure the Date value is
in the permitted range [0; 2^63) ms since Unix epoch.
* Methods for adding tags throw an IllegalArgumentException if the tag
type is unsuitable for the method. This is to ensure that tags with
invalid values cannot be added through similar methods (e.g., INT tag
added via an ENUM tag addition method invoked with a negative value).
Bug: 22008538
Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e

This switches Android Keystore asymmetric keys from being backed by
Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE
which talks to keystore via the old KeyStore API) to being backed by
the AndroidKeyStore Provider which talks to keystore via the new
KeyStore API. In effect, this switches asymmetric crypto offered by
Android Keystore from old Keystore API to new KeyStore API, enabling
all the new features such as enforcement of authorizations on key use.
Some algorithms offered by Android Keystore, such as RSA with OAEP
or PSS padding schemes, are not supported by other providers. This
complicates matters because Android Keystore only supports public key
operations if the corresponding private key is in the keystore. Thus,
Android Keystore can only offer these operations for its own public
keys. This requires AndroidKeyStore to use its own subclasses of
PublicKey everywhere. The ugliest place is where it needs to return
its own subclass of X509Certificate only to be able to return its
own subclass of PublicKey from Certificate.getPublicKey().
Bug: 18088752
Bug: 19284418
Bug: 20912868
Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64

* delKey -> delete
* getPubkey -> exportKey
* saw -> list.
Bug: 18088752
Change-Id: Ifb794f91a42646d67da1340ee16765cbaf255a49

Change-Id: I384f3d2fee2f68279c6518d9ac0a79e29bed0e52

Output parameters are gone from begin, instead they will be returned in the
OperationResult and begin, update, and finish may return output
parameters.
Change-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8

begin now returns OP_AUTH_REQUIRED for operations with per op
authorization instead of NO_ERROR.
(cherry-picked from commit b0addbaaf22b14200db602c41a5bd86847bdc0a9)
Change-Id: I1f472125f46155833e03ab30bf18363ff51b2c58

This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.
Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad

This CL addresses the comments from API Council about Android KeyStore
KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
1. These abstractions should not take or hold references to Context.
2. The Builders of these abstractions should take all mandatory
parameters in their constructors rather than expose them as
setters -- only optional parameters should be exposed via setters.
These comments cannot be addressed without deprecation in the already
launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of
deprecating just the getContext methods and Builder constructors, this
CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and
KeyStoreParameter as a whole and exposing all of the AndroidKeyStore
API in the new package android.security.keystore. This enables this CL
to correct all of the accrued design issues with KeyPairGeneratorSpec
(e.g., naming of certificate-related methods) and KeyStoreParameter.
This also makes the transition to API Level M more clear for existing
users of the AndroidKeyStore API. These users will only have to deal
with the new always-mandatory parameters (e.g., purposes) and
sometimes-mandatory (e.g., digests, block modes, paddings) if they
switch to the new API. Prior to this CL they would've had to deal with
this if they invoked any of the new methods of KeyPairGeneratorSpec
or KeyStoreParameter introduced in API Level M.
This CL rips out all the new API introduced into KeyPairGeneratorSpec
and KeyStoreParameter classes for Android M, thus reverting these
classes to the API launched in L MR1. This is because the new API is
now in android.security.keystore.KeyGenParameterSpec and KeyProtection
respectively.
Bug: 21039983
Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c

Keystore's begin operation now requires parameters which describe the
operation (e.g., algorithm, block mode, padding). This adjusts
KeyStoreTest to provide the necessary parameters.
(cherry-picked from commit c5e4d7af22793072a2620805f5e0e23bf15e7110)
Bug: 19509156
Change-Id: Ibc665fbc893766a683a4aadc97a64ffdf2d0d85f

Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8

NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.
Bug: 20521989
Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc

This removes the need to specify the three parameters of the
self-signed certificate (serial number, subject, validity range) when
generating key pairs in AndroidKeyStore. This is achieved by
providing sensible defaults for these parameters:
* serial number: 1
* subject: CN=fake
* validity range: Jan 1 1970 to Jan 1 2048.
Bug: 18088752
Change-Id: I5df918b1ef8b26ed3ddd43828c4c78c9fa58cd43

Keystore.saw returns [] on no result, not null, so the test was
incorrectly failing.
Change-Id: I22dcf85c5d6c5c0368848bc784c3215c092d9ea8

KeyStoreTest needed to be adjusted because OCB is no longer supported.
Bug: 18088752
Change-Id: I7594daaa5e97423d34726b07cc79e3ee28418d95

Now that auth token checks are in keystore, keys without any auth tags
are invalid.
Also adds a test to check that a key with auth required fails when none
is present.
Change-Id: I0d5d44d70a849978e9b2e809675b8343c6650ff2

generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134

AES and HmacSHA256 symmetric keys can now be imported into
AndroidKeyStore. These keys cannot yet be used.
Bug: 18088752
Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c

Change-Id: I957c4469401953d2298751c655ca8e9f95b9511d

Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b

Keymaster no longer adds a default value, so these tests were failing.
Change-Id: I9c5a8d2552534db1d7fa77965b0d675acc3ccc0a

Change-Id: I3b8ef583b71056b92a876fa47556771604dae121

We're switching from OpenSSL to BoringSSL which does not support DSA.
Bug: 17409664
Change-Id: Id9b52666ba9ef234076105c925610b5b312988a5

The test is sending too much data to be signed, which should actually
fail, and does on Volantis. Apparently the other keymaster implementors
do something to pass it, because shamu and hammerhead pass, but the test
is wrong.
Change-Id: Ic616a551567d64f5d87d9607ceb08afa7be74f9d

Change-Id: Ic6f029d66210052ce2f75d46102a100ac7db2b49

Change-Id: I4791f0ffa324a313b8390fbde6d8f82f716ecf74

Bug: 3484927
Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c

Change-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176

Change-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
(partial cherry pick from commit 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3)
Bug: 8122243
Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e

Bug: 8657552
Change-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510

Remove the call sites that don't have the flags specified. This is to
ensure that callers know what flags they're setting.
Bug: 8122243
Change-Id: Ifbd178fddbf8dbd8f7b821ea739a20d056ef9fa7

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850

Change-Id: I13403197e1ac7ac607efa10979eb73bde0135a2a

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.
Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.
Bug: 8122243
Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1

In previous commits, we added the ability to specify which UID we want to
target on certain operations. This commit adds the ability to reach those
binder calls from the KeyStore class.
Also fix a problem where saw() was not reading all the values returned via
the Binder call. This changes the semantics to return a null instead of
failing silently when it's not possible to search.
Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4

Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752

Change-Id: Ib21ab37d22689dd87f014eaa1f7919a575367cdd

Change-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d

* commit '768d9e1a72ceee7d4a5f608776b87b62d6ce4a04':
Correct executable bit for source files

Many media files and source code files were marked as executable in Git.
Remove those.
Also a shell script and python script were not marked as executable.
Change-Id: Ieb51bafb46c895a21d2e83696f5a901ba752b2c5

For the AndroidKeyStore API, allow entries to have their certificate
chain replaced without destroying the underlying PrivateKey. Since
entries are backed by unexportable private keys, requiring them to be
supplied again doesn't make sense and is impossible.
Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae

This allows end-users to generate keys in the keystore without the
private part of the key ever needing to leave the device. The generation
process also generates a self-signed certificate.
Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9

This introduces a public API for the Android keystore that is accessible
via java.security.KeyStore API. This allows programs to store
PrivateKeyEntry and TrustedCertificateEntry items visible only to
themselves.
Future work should include:
* Implement KeyStore.CallbackHandlerProtection parameter to allow the
caller to request that the keystore daemon unlock itself via the
system password input dialog.
* Implement SecretKeyEntry once that support is in keystore daemon
Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a

java.security.KeyStore requires that you be able to get the creation
date for any given entry. We'll approximate that through using the mtime
of the file in the keystore.
Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f

InstrumentationTestRunner can enumerate the test cases to run without a
special TestRunner.
Change-Id: I5a49413440ef191f28a21034a318d9a9e3f8174b

Bug: http://code.google.com/p/android/issues/detail?id=35141
Bug: 6869713
Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e