path: root/keystore
Commit message | Author | Age | Files | Lines
* Fix testAuthNeeded test (Chad Brubaker, 2015-05-15; 1 file, -1/+2)
  begin now returns OP_AUTH_REQUIRED for operations with per-op authorization instead of NO_ERROR.
  (cherry-picked from commit b0addbaaf22b14200db602c41a5bd86847bdc0a9)
  Change-Id: I1f472125f46155833e03ab30bf18363ff51b2c58
* Remove "encrypt at rest" flag from new AndroidKeyStore API. (Alex Klyubin, 2015-05-15; 5 files, -116/+14)
  This flag causes issues such as being unable to generate, import, or use keys when the user/profile secure lock screen credential hasn't yet been entered after boot.
  Bug: 18088752
  Change-Id: I992f6dfdc945bcb83e341356a40dfa7d7bc143d8
* Merge "Move Android Keystore impl to android.security.keystore." into mnc-dev (Alex Klyubin, 2015-05-14; 24 files, -100/+152)
* Move Android Keystore impl to android.security.keystore. (Alex Klyubin, 2015-05-13; 24 files, -100/+152)
  This moves the non-public API classes backing Android Keystore from android.security to android.security.keystore, a package specially created for Android Keystore.
  Bug: 18088752
  Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
* Replace String host:port/url args with Uri arg (Robin Lee, 2015-05-14; 1 file, -23/+12)
  Uri provides a stronger guarantee of well-formedness and lets apps do nice extra things like specifying scheme etc. without twisting any expectations.
  Bug: 20820034
  Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
* New AndroidKeyStore API in android.security.keystore. (Alex Klyubin, 2015-05-13; 22 files, -1484/+1616)
  This CL addresses the comments from API Council about Android KeyStore KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
  1. These abstractions should not take or hold references to Context.
  2. The Builders of these abstractions should take all mandatory parameters in their constructors rather than expose them as setters -- only optional parameters should be exposed via setters.
  These comments cannot be addressed without deprecation in the already launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of deprecating just the getContext methods and Builder constructors, this CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and KeyStoreParameter as a whole and exposing all of the AndroidKeyStore API in the new package android.security.keystore. This enables this CL to correct all of the accrued design issues with KeyPairGeneratorSpec (e.g., naming of certificate-related methods) and KeyStoreParameter.
  This also makes the transition to API Level M more clear for existing users of the AndroidKeyStore API. These users will only have to deal with the new always-mandatory parameters (e.g., purposes) and sometimes-mandatory (e.g., digests, block modes, paddings) if they switch to the new API. Prior to this CL they would've had to deal with this if they invoked any of the new methods of KeyPairGeneratorSpec or KeyStoreParameter introduced in API Level M.
  This CL rips out all the new API introduced into KeyPairGeneratorSpec and KeyStoreParameter classes for Android M, thus reverting these classes to the API launched in L MR1. This is because the new API is now in android.security.keystore.KeyGenParameterSpec and KeyProtection respectively.
  Bug: 21039983
  Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
* Merge "Ensure key algorithm name of HMAC keys is preserved." into mnc-dev (Alex Klyubin, 2015-05-13; 1 file, -0/+15)
* Ensure key algorithm name of HMAC keys is preserved. (Alex Klyubin, 2015-05-13; 1 file, -0/+15)
  When Android KeyStore loads an HMAC key, it needs to compose the JCA key algorithm name (e.g., HmacSHA256) based on the digests the key is authorized for. A key can be authorized for multiple digests. Thus, the approach is to use the first one for constructing the JCA key algorithm name. This CL ensures that when importing HMAC keys the first KM_TAG_DIGEST tag is set to the digest of the JCA key algorithm name.
  Bug: 18088752
  Change-Id: I911ca7427b249ee823d06e988687af6146ebaff8
* Add keystore onUserAdded/Removed methods (Chad Brubaker, 2015-05-13; 1 file, -0/+38)
  (cherry-picked from commit 31c2897105e6d71f8e6edeab312d2147bbdbaeb1)
  Change-Id: I73fe9344ec5660e58425d5c85d14381820533d57
* Flatten KeyStoreKeyProperties constants. (Alex Klyubin, 2015-05-12; 11 files, -445/+375)
  This moves constants/flags declared in inner classes of KeyStoreKeyProperties into KeyStoreKeyProperties, as requested by API Council.
  Bug: 21039983
  Change-Id: I84a3c983e13644a027bed9f605ab8044220a352c
* Merge "Link to magic constants used by AndroidKeyStore API." into mnc-dev (Alex Klyubin, 2015-05-12; 4 files, -45/+128)
* Link to magic constants used by AndroidKeyStore API. (Alex Klyubin, 2015-05-11; 4 files, -45/+128)
  This updates the Javadocs of AndroidKeyStore methods which take constants defined in KeyStoreKeyProperties to contain a link to the corresponding set of constants and an example of a couple of accepted constants, to make it easier to understand and find out what constants to use.
  Bug: 18088752
  Change-Id: I338134ef136db62a7caca782cb59dbebdc996670
* Move PointFormat constants into parent class. (Alex Klyubin, 2015-05-12; 1 file, -31/+23)
  This gets rid of EcIesParameterSpec.PointFormat by moving the constants into EcIesParameterSpec, prefixed with POINT_FORMAT_.
  Bug: 21039983
  Change-Id: I7a76bb84e0394db9c7f5b0d53526915d5bbdd511
* Merge "Hide @IntDef and @StringDef annotations from AndroidKeyStore API." into mnc-dev (Alex Klyubin, 2015-05-12; 2 files, -0/+24)
* Hide @IntDef and @StringDef annotations from AndroidKeyStore API. (Alex Klyubin, 2015-05-12; 2 files, -0/+24)
  By convention, these annotation classes should remain hidden API.
  Bug: 18088752
  Bug: 21039983
  Change-Id: Ifb5d2910c7dae4e0fd809876eb641f1aaf7a00a6
* Merge "Add missing value for EcIesParameterSpec.PointFormatEnum." into mnc-dev (Alex Klyubin, 2015-05-11; 1 file, -1/+5)
* Add missing value for EcIesParameterSpec.PointFormatEnum. (Alex Klyubin, 2015-05-11; 1 file, -1/+5)
  Change-Id: If14fe3c3c7ed123b0fa9d5874db2ad8844e49671
* Add NonNull and Nullable annotations to AndroidKeyStore API. (Alex Klyubin, 2015-05-11; 8 files, -44/+175)
  This is to enable Android Lint and Android Studio to flag nullness issues at compile time.
  Bug: 18088752
  Change-Id: I21033b8fcdd989d08c89b50685e47fbb9c74acbf
* Fix KeyStoreTest now that begin requires parameters. (Alex Klyubin, 2015-05-11; 1 file, -2/+12)
  Keystore's begin operation now requires parameters which describe the operation (e.g., algorithm, block mode, padding). This adjusts KeyStoreTest to provide the necessary parameters.
  (cherry-picked from commit c5e4d7af22793072a2620805f5e0e23bf15e7110)
  Bug: 19509156
  Change-Id: Ibc665fbc893766a683a4aadc97a64ffdf2d0d85f
* Document when encrypted AndroidKeyStore keys are wiped. (Alex Klyubin, 2015-05-08; 5 files, -18/+40)
  This also drops the boolean parameter from KeyGeneratorSpec.Builder.setEncryptionRequired to match the already launched KeyPairGeneratorSpec.Builder.setEncryptionRequired.
  Bug: 18088752
  Change-Id: I91a3e8c77958971b1bda8329319f1a0d8043b669
* Merge "More Javadocs for AndroidKeyStore public classes." into mnc-dev (Alex Klyubin, 2015-05-08; 4 files, -58/+251)
* More Javadocs for AndroidKeyStore public classes. (Alex Klyubin, 2015-05-08; 4 files, -58/+251)
  This adds more detailed class-level Javadocs (incl. examples) for the following public API of Android KeyStore facility:
  * KeyPairGeneratorSpec,
  * KeyGeneratorSpec,
  * KeyStoreParameter,
  * KeyStoreKeySpec.
  This also clarifies what encryption at rest means.
  Bug: 18088752
  Change-Id: I9951a528c34dea322534763b596902a2b6ac64f9
* Merge "Cleanup keystore password changing and unlocking" into mnc-dev (Chad Brubaker, 2015-05-08; 4 files, -58/+114)
* Cleanup keystore password changing and unlocking (Chad Brubaker, 2015-05-08; 4 files, -58/+114)
  Add KeyStore.onUserPasswordChanged for the lockscreen to call when the user changes their password. Keystore will then handle the logic of deleting keys.
  Instead of calling Keystore.password_uid for both unlocking and password changes the behavior has been split into Keystore.unlock and onUserPasswordChanged.
  Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
* Replace "TEE" with "secure hardware". (Alex Klyubin, 2015-05-08; 3 files, -20/+23)
  This is to make the Android KeyStore API more generic.
  Bug: 18088752
  Change-Id: I18bcc96db4af17127e5dc038becc9deb85bb48aa
* Merge "Document that new APIs for asymmetric crypto have no effect." into mnc-dev (Alex Klyubin, 2015-05-07; 2 files, -0/+48)
* Document that new APIs for asymmetric crypto have no effect. (Alex Klyubin, 2015-05-07; 2 files, -0/+48)
  Bug: 18088752
  Change-Id: Idfcf57251e76185425b9271d6a2001c5556f9f59
* Check parameters in KeyGenerator.init. (Alex Klyubin, 2015-05-07; 1 file, -68/+124)
  KeyGenerator.init is supposed to check whether all provided parameters are OK. This is because KeyGenerator.generateKey cannot throw checked exceptions. This CL makes AndroidKeyStore KeyGenerator implementation do just that.
  Unfortunately, keymaster/keystore doesn't provide a way to check whether all the parameters are OK without actually generating a key. Thus, this KeyGenerator does its best inside init method (before Keymaster is called), and then surfaces any remaining issues (flagged by Keymaster/keystore) as unchecked IllegalStateException.
  Bug: 18088752
  Change-Id: I9a04da880dcbe26c37f41d1477e41bdc74db04c9
* Merge "Use ProviderException in AndroidKeyStore." into mnc-dev (Alex Klyubin, 2015-05-07; 3 files, -15/+19)
* Use ProviderException in AndroidKeyStore. (Alex Klyubin, 2015-05-06; 3 files, -15/+19)
  This switches to ProviderException in most places in AndroidKeyStore primitives where checked exceptions cannot be thrown. This is to follow JCA design.
  KeyStoreKeyGeneratorSpi is not touched by this CL because there's another CL already doing that.
  Bug: 18088752
  Change-Id: If7e93042f973334b9bba004f5a330f831c1e77c1
* Merge "Always mix in additional entropy into keymaster." into mnc-dev (Alex Klyubin, 2015-05-07; 3 files, -10/+34)
* Always mix in additional entropy into keymaster. (Alex Klyubin, 2015-05-06; 3 files, -10/+34)
  This makes AndroidKeyStore Cipher and KeyGenerator implementations mix in additional entropy into keymaster's RNG regardless of whether they were provided with a SecureRandom instance. In practice, they are always provided with a SecureRandom instance. However, to be safe, when no SecureRandom instance is provided the code now uses a platform-default SecureRandom implementation.
  Bug: 18088752
  Change-Id: I85bca30d7bdc82c2a342094dcbe6044e48a63dca
* Merge "Adjust the Javadoc for user authentication timeout." into mnc-dev (Alex Klyubin, 2015-05-07; 4 files, -16/+20)
* Adjust the Javadoc for user authentication timeout. (Alex Klyubin, 2015-05-07; 4 files, -16/+20)
  The Javadoc incorrectly stated that:
  * 0 means authentication required for every use.
  * -1 means that timeout is not specified and the key can be used any time.
  Bug: 18088752
  Change-Id: Ie5f37e74dc207f23443527ac1725ae8a37213d75
* Define String constants for AndroidKeyStore crypto. (Alex Klyubin, 2015-05-06; 13 files, -397/+644)
  This defines the String enum values based on JCA standard names for key algorithm, block mode, padding schemes, and digests. This should make it safer to interact with AndroidKeyStore code that uses JCA strings.
  This was requested by API Council.
  Bug: 18088752
  Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
* Keystore uses 0 for invalid operation handles. (Alex Klyubin, 2015-05-06; 4 files, -13/+19)
  This propagates the concept that 0 is an invalid crypto operation handle to the outside of AndroidKeyStore abstraction.
  Bug: 20864436
  Change-Id: I1e5abb66c5d41d8fc32aac44372495a708c2b6e2
* Handle KM_ERROR_CALLER_NONCE_PROHIBITED. (Alex Klyubin, 2015-04-30; 1 file, -0/+2)
  This converts KM_ERROR_CALLER_NONCE_PROHIBITED into InvalidAlgorithmParameterSpec, as expected by the contract of JCA Cipher.
  Bug: 18088752
  Change-Id: I6a01e2d7118c478b27a0d7a5a14a127de8913755
* Merge "Switch from FingerprintService to FingerprintManager." into mnc-dev (Alex Klyubin, 2015-04-30; 1 file, -26/+24)
* Switch from FingerprintService to FingerprintManager. (Alex Klyubin, 2015-04-30; 1 file, -26/+24)
  FingerprintService is a lower layer of abstraction which should ideally be accessed only via FingerprintManager from AndroidKeyStore.
  The main issue with the switch is that it requires a reference to a Context. This is now obtained using ActivityThread's hidden API.
  Change-Id: If921e169838ee2cc5c7690b8c8d8ea95c33248aa
* Merge "Cleanup logic for per-op auth keys." into mnc-dev (Alex Klyubin, 2015-04-30; 5 files, -65/+173)
* Cleanup logic for per-op auth keys. (Alex Klyubin, 2015-04-30; 5 files, -65/+173)
  This streamlines the exception throwing logic for per-op auth keys of AndroidKeyStore.
  Change-Id: I7e27c17fd89d5a7f71f5d7578f584189c5236fb8
* Merge "Fix the build" into mnc-dev (Svetoslav, 2015-04-30; 1 file, -2/+17)
* Fix the build (Svetoslav, 2015-04-30; 1 file, -2/+17)
  Change-Id: I24e697e989b5f88c3f5e61343fbff60a09aa4c12
* Track Keymaster changes. (Alex Klyubin, 2015-04-30; 4 files, -30/+15)
  * MAC length is now specified as a parameter to the begin operation instead of as a parameter at key generation/import time.
  * KM_TAG_MAC_LENGTH is now in bits instead of in bytes.
  Change-Id: I752fe232d11d3ac39a575a48948215d84ded8fb9
* Merge "AndroidKeyStore keys should not be handled by Bouncy Castle." into mnc-dev (Alex Klyubin, 2015-04-30; 2 files, -31/+113)
* AndroidKeyStore keys should not be handled by Bouncy Castle. (Alex Klyubin, 2015-04-29; 2 files, -31/+113)
  Bouncy Castle JCA provider incorrectly declares that its Cipher, Mac, Signature, and KeyAgreement implementations accept arbitrary keys (including AndroidKeyStore keys). As a result, when a Cipher, Mac, Signature, or KeyAgreement instance is requested from JCA without explicitly specifying the provider (which follows best practices) and then initialized with an AndroidKeyStore key, JCA chooses the BouncyCastle's implementation, which in turn blows up because it can't handle such keys.
  The workaround is to install Cipher, Mac, Signature, and KeyAgreement implementations backed by AndroidKeyStore as a higher-priority JCA provider than the Bouncy Castle one. This is achieved by splitting out the above implementations from AndroidKeyStoreProvider into AndroidKeyStoreBCWorkaroundProvider and installing the AndroidKeyStoreProvider at the usual priority (below Bouncy Castle) and the AndroidKeyStoreBCWorkaroundProvider at above Bouncy Castle priority.
  Bug: 20691708
  Change-Id: I336464f4a49bc30c6845ddc4e84b07f4105424dd
* Surface KeyPermanentlyInvalidatedException for per-op auth keys. (Alex Klyubin, 2015-04-29; 2 files, -0/+20)
  Bug: 20642549
  Change-Id: Ibda270921f13a1fd695264583b0e4bd255f63aed
* Enable per-use user authenticated keys to be used. (Alex Klyubin, 2015-04-29; 3 files, -2/+12)
  This makes symmetric Cipher and Mac implementations backed by AndroidKeyStore succeed in their initialization when the key is configured to require user authentication for every use. Users of such keys should obtain an instance of Cipher or Mac, initialize it with the key, and then authorize the operation by passing this Cipher or Mac instance to FingerprintManager.authenticate.
  Bug: 18088752
  Change-Id: Ia15a1e5f8274c3623f665dae1f400ff539639ab1
* Add KeyPermanentlyInvalidatedException. (Alex Klyubin, 2015-04-29; 8 files, -73/+130)
  This enables users of AndroidKeyStore crypto to differentiate between the key being unusable until the user is authenticated (UserNotAuthenticatedException) and the key being permanently unusable (KeyPermanentlyInvalidatedException). The latter is the case when the secure lock screen has been disabled or reset, and, for keys that require user authentication for every use, when a new fingerprint is enrolled or all fingerprints are unenrolled.
  NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the NewFingerprintEnrolledException which has thus been removed. There is no way to find out whether a key was permanently invalidated specifically because a new fingerprint was added.
  Bug: 20642549
  Bug: 20526234
  Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
* Merge "Add OP_AUTH_NEEDED KeyStore result code" into mnc-dev (Chad Brubaker, 2015-04-29; 1 file, -0/+8)