path: root/keystore
Commit message | Author | Age | Files | Lines
* Track change in NativeCrypto | Kenny Root | 2013-05-07 | 1 | -0/+2
| | | | | | (cherry picked from commit 4b30e3391bda250975b43af43bad58c98fa73f84) Change-Id: I9eed3895d78c6906f7d29d325075cf1df48fd123
* resolved conflicts for merge of 1f6e789b to jb-mr2-dev-plus-aosp | Kenny Root | 2013-04-29 | 5 | -7/+7
|\ | | | | | | Change-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176
| * Track change to JSSE provider | Kenny Root | 2013-04-29 | 5 | -7/+7
| | | | | | | | Change-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5
| * AndroidKeyStore: Add encrypted flag | Kenny Root | 2013-04-15 | 9 | -136/+732
| | | | | | | | | | | | | | | | | | | | Add the encrypted flag for the KeyPairGenerator and the KeyStore so that applications can choose to allow entries when there is no lockscreen. (partial cherry pick from commit 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3) Bug: 8122243 Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
| * keystore: Add flag for blobs to be unencrypted | Kenny Root | 2013-04-15 | 1 | -6/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs starts to make less sense since the thing it's encrypting is usually a token and not any raw key material. (cherry picked from commit a3788b00bb221e20abdd42f747d2af419e0a088c) Bug: 8122243 Change-Id: Ifc1c64743651b23a4eace208ade0176af47ea989
| * Remove keystore entries when package removed | Kenny Root | 2013-04-02 | 1 | -0/+9
| | | | | | | | | | | | | | | | | | Add a hook into PackageManagerService so that when app IDs are completely removed, we erase all entries from keystore for those UIDs that have gone away. Bug: 3020069 Change-Id: Id4b1d51a5fa4c418865055635a84bebcf5b65ec8
| * KeyStore: add API to query storage type | Kenny Root | 2013-03-29 | 1 | -0/+9
| | | | | | | | | | | | | | Add an API to keystore daemon to query what kind of storage is currently in use. Change-Id: I5a83ae92250ca63b691dcf1beb8b3e1703797745
* | Rename API AndroidKey* -> Key* | Kenny Root | 2013-04-18 | 8 | -76/+80
| | | | | | | | | | Bug: 8657552 Change-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510
* | keystore: remove old APIs | Kenny Root | 2013-04-12 | 1 | -24/+0
| | | | | | | | | | | | | | | | Remove the APIs that don't specify the flags so callers know what they're getting. Bug: 8122243 Change-Id: Ifaef6fb1d16010237c01f9d11f2053bb6b3980c0
* | Remove old KeyStore call sites | Kenny Root | 2013-04-12 | 2 | -113/+175
| | | | | | | | | | | | | | | | Remove the call sites that don't have the flags specified. This is to ensure that callers know what flags they're setting. Bug: 8122243 Change-Id: Ifbd178fddbf8dbd8f7b821ea739a20d056ef9fa7
* | AndroidKeyStore: Add encrypted flag | Kenny Root | 2013-04-12 | 9 | -136/+730
| | | | | | | | | | | | | | | | Add the encrypted flag for the KeyPairGenerator and the KeyStore so that applications can choose to allow entries when there is no lockscreen. Bug: 8122243 Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
* | keystore: Add flag for blobs to be unencrypted | Kenny Root | 2013-04-10 | 1 | -6/+21
| | | | | | | | | | | | | | | | | | | | | | In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs starts to make less sense since the thing it's encrypting is usually a token and not any raw key material. Bug: 8122243 Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608
* | Revert "Remove AndroidKeyStore from API" | Kenny Root | 2013-04-06 | 1 | -2/+0
| | | | | | | | | | | | This reverts commit ce24985ad636c38b6ee01ec9cdecfb038bfeaeb6. Change-Id: I02d6492c8db869619694c7209bb37522a7ec5a29
* | Remove keystore entries when package removed | Kenny Root | 2013-04-03 | 1 | -0/+9
| | | | | | | | | | | | | | | | | | | | | | Add a hook into PackageManagerService so that when app IDs are completely removed, we erase all entries from keystore for those UIDs that have gone away. (cherry picked from commit 95e3ee3971915b323e5c13dcfe3b12a4180850cd) Bug: 3020069 Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94
* | Add API to query KeyChain algorithm support, pt. 2 | Kenny Root | 2013-04-02 | 1 | -3/+3
| | | | | | | | | | | | | | Late-breaking comments on API name. Revised. Bug: 7095660 Change-Id: I7224d9c8a4f84a272360ede78a18bfb72d8aeb77
* | Add API to query KeyChain algorithm support | Kenny Root | 2013-04-02 | 1 | -0/+24
| | | | | | | | | | Bug: 7095660 Change-Id: Ia87caaa33bc01b032130811833f0a3c4f75b62d4
* | KeyStore: add API to query storage type | Kenny Root | 2013-03-29 | 1 | -0/+9
|/ | | | | | | | | Add an API to keystore daemon to query what kind of storage is currently in use. (cherry picked from commit a738e2a1aee26e0be3944c11820724aeca313f83) Change-Id: I52c84449a27b1cefc49372a6406b7132c2bbddee
* AndroidKeyStore: add Builder for param spec | Kenny Root | 2013-03-28 | 2 | -4/+160
| | | | Change-Id: I13403197e1ac7ac607efa10979eb73bde0135a2a
* Add ability to install credentials as other UID | Kenny Root | 2013-03-28 | 1 | -0/+8
| | | | | | | | | | We need the ability to install from the system UID to wifi UID to explicitly bind WiFi credentials to the WiFi profile. This adds the ability for Wifi Settings to invoke installation of a PKCS12 file for the wifi UID. Bug: 8183258 Change-Id: I652b7e6fa93deda6d6d310be33f224e5a356c787
* KeyStore: change migrate to duplicate | Kenny Root | 2013-03-21 | 2 | -8/+32
| | | | | | | After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model. Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55
* KeyStore: add "migrate" command | Kenny Root | 2013-03-20 | 2 | -0/+41
| | | | | | | | | To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration. Bug: 8122243 Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1
* KeyStore: add API to uid versions | Kenny Root | 2013-03-20 | 4 | -41/+223
| | | | | | | | | | | | In previous commits, we added the ability to specify which UID we want to target on certain operations. This commit adds the ability to reach those binder calls from the KeyStore class. Also fix a problem where saw() was not reading all the values returned via the Binder call. This changes the semantics to return a null instead of failing silently when it's not possible to search. Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
* KeyStore: stop using state() | Kenny Root | 2013-02-14 | 3 | -7/+8
| | | | Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
* Merge "Track keystore binder changes" | Kenny Root | 2013-02-13 | 1 | -7/+7
|\
| * Track keystore binder changes | Kenny Root | 2013-02-13 | 1 | -7/+7
| | | | | | | | Change-Id: Id6133be059a8a0901d16355a9152e40e4a255454
* | KeyChain: return null instead of throw | Kenny Root | 2013-02-13 | 1 | -1/+6
|/ | | | | | | | The API documentation says it will return null if the key isn't found. We get null back from the keystore daemon when it can't retrieve the data, so just return null back to the API caller. Change-Id: I42248bd50cbc5f76864bd762aae3faab1c50529d
* am 74637db2: Merge "AndroidKeyStore: return error code on error" | Kenny Root | 2013-02-04 | 1 | -1/+6
|\ | | | | | | | | | | # Via Gerrit Code Review (1) and Kenny Root (1) * commit '74637db21eb0b3c0167378e2b5c866fdc02e51f2': AndroidKeyStore: return error code on error
| * AndroidKeyStore: return error code on error | Kenny Root | 2013-02-04 | 1 | -1/+6
| | | | | | | | | | | | | | Instead of blindly multiplying return value by 1000 to convert to milliseconds, check to see if it's an error condition first. Change-Id: I8eab1e7a86d78c13458fcbbc79d590e452fc9791
* | am 5a720bb9: Merge "AndroidKeyStore: add key wrapping test" | Kenny Root | 2013-02-04 | 1 | -0/+48
|\ \ | |/ | | | | | | | | # Via Gerrit Code Review (1) and Kenny Root (1) * commit '5a720bb9b031d44e593d2054bda586ccc3752aa4': AndroidKeyStore: add key wrapping test
| * AndroidKeyStore: add key wrapping test | Kenny Root | 2013-02-04 | 1 | -0/+48
| | | | | | | | Change-Id: Ib21ab37d22689dd87f014eaa1f7919a575367cdd
* | am 133c5f5e: Merge "AndroidKeyStore: fix tests" | Kenny Root | 2013-02-04 | 2 | -13/+7
|\ \ | |/ | | | | | | | | # Via Gerrit Code Review (1) and Kenny Root (1) * commit '133c5f5e91e72cff1a9a3a4903a0efc96b39165b': AndroidKeyStore: fix tests
| * AndroidKeyStore: fix tests | Kenny Root | 2013-02-04 | 2 | -13/+7
| | | | | | | | Change-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d
* | am 2e99d3c9: am ebb61ca2: Merge "Track libcore changes for OpenSSLKey" | Kenny Root | 2013-01-25 | 1 | -6/+3
|\ \ | |/ | | | | | | | | # Via Android Git Automerger (1) and others * commit '2e99d3c9646861ca92faf6708c18e36c7530fd93': Track libcore changes for OpenSSLKey
| * Track libcore changes for OpenSSLKey | Kenny Root | 2013-01-22 | 1 | -6/+3
| | | | | | | | Change-Id: I39f60c34daa9ccc633efb02988ea238a84e6bbf1
* | am 834b0f3c: am 19b17b41: am 38a642e9: am 3e2479dd: Merge "docs: fix broken ↵ | Scott Main | 2013-01-03 | 1 | -3/+0
|\ \ | |/ |/| | | | | | | | | links and add new sitemap text file" into jb-mr1-dev * commit '834b0f3cd90679655ac1549cb427fc9475ac4a4b': docs: fix broken links and add new sitemap text file
| * docs: fix broken links and add new sitemap text file | Scott Main | 2013-01-03 | 1 | -3/+0
| | | | | | | | Change-Id: If0f7967a65a6e3a444a565a2e8229a04a5265f56
* | Switch keystore to binder | Kenny Root | 2012-11-14 | 1 | -220/+133
| | | | | | | | Change-Id: I9fa1fc05068bee1eed3f618fb32f70cf3d4c05d4
* | am 768d9e1a: Merge "Correct executable bit for source files" | Kenny Root | 2012-11-07 | 1 | -0/+0
|\ \ | |/ |/| | | | | * commit '768d9e1a72ceee7d4a5f608776b87b62d6ce4a04': Correct executable bit for source files
| * Correct executable bit for source files | Kenny Root | 2012-11-07 | 1 | -0/+0
| | | | | | | | | | | | | | | | | | Many media files and source code files were marked as executable in Git. Remove those. Also a shell script and python script were not marked as executable. Change-Id: Ieb51bafb46c895a21d2e83696f5a901ba752b2c5
* | Remove AndroidKeyStore from API | Kenny Root | 2012-09-14 | 1 | -0/+1
| | | | | | | | Change-Id: Ibe09d78e5a5b86604f01144f344525bff94c2dde
* | Tracking upgrade to bouncycastle 1.47 | Brian Carlstrom | 2012-09-12 | 1 | -18/+30
| | | | | | | | Change-Id: I4a3c508c5e65dd46a2df22935b5351092550fad5
* | Add some NullPointerExceptions to AndroidKeyStore | Kenny Root | 2012-08-31 | 1 | -2/+39
| | | | | | | | | | | | | | | | | | | | Existing KeyStore implementations throw NullPointerExceptions because the KeyStoreSpi doesn't check these arguments for null. Add in checks so we don't accidentally check some bogus values. Also switch a RuntimeException to a KeyStoreException Change-Id: I18f4d4474d607cb2057ea8069b901e0992275e78
* | Always-on VPN. | Jeff Sharkey | 2012-08-27 | 1 | -0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support for always-on VPN profiles, also called "lockdown." When enabled, LockdownVpnTracker manages the netd firewall to prevent unencrypted traffic from leaving the device. It creates narrow rules to only allow traffic to the selected VPN server. When an egress network becomes available, LockdownVpnTracker will try bringing up the VPN connection, and will reconnect if disconnected. ConnectivityService augments any NetworkInfo based on the lockdown VPN status to help apps wait until the VPN is connected. This feature requires that VPN profiles use an IP address for both VPN server and DNS. It also blocks non-default APN access when enabled. Waits for USER_PRESENT after boot to check KeyStore status. Bug: 5756357 Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
* | Add ability to replace chain for PrivateKeyEntry | Kenny Root | 2012-08-22 | 4 | -24/+242
| | | | | | | | | | | | | | | | | | For the AndroidKeyStore API, allow entries to have their certificate chain replaced without destroying the underlying PrivateKey. Since entries are backed by unexportable private keys, requiring them to be supplied again doesn't make sense and is impossible. Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
* | Add KeyPairGenerator for Android keystore | Kenny Root | 2012-08-22 | 8 | -20/+638
| | | | | | | | | | | | | | | | This allows end-users to generate keys in the keystore without the private part of the key ever needing to leave the device. The generation process also generates a self-signed certificate. Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
* | Add AndroidKeyStore provider for KeyStore API | Kenny Root | 2012-08-20 | 3 | -0/+1880
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces a public API for the Android keystore that is accessible via java.security.KeyStore API. This allows programs to store PrivateKeyEntry and TrustedCertificateEntry items visible only to themselves. Future work should include: * Implement KeyStore.CallbackHandlerProtection parameter to allow the caller to request that the keystore daemon unlock itself via the system password input dialog. * Implement SecretKeyEntry once that support is in keystore daemon Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a
* | Add getmtime to Android KeyStore API | Kenny Root | 2012-08-20 | 2 | -0/+68
| | | | | | | | | | | | | | | | java.security.KeyStore requires that you be able to get the creation date for any given entry. We'll approximate that through using the mtime of the file in the keystore. Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
* | am 1ad8bf56: am f0e87175: Merge "Remove useless TestRunner" | Kenny Root | 2012-08-13 | 4 | -53/+13
|\ \ | |/ | | | | | | * commit '1ad8bf5660281d624759897e0403b35b29641ba2': Remove useless TestRunner
| * Remove useless TestRunner | Kenny Root | 2012-08-10 | 4 | -53/+13
| | | | | | | | | | | | | | InstrumentationTestRunner can enumerate the test cases to run without a special TestRunner. Change-Id: I5a49413440ef191f28a21034a318d9a9e3f8174b
| * Change KeyStore to use Modified UTF-8 to match NativeCrypto | Brian Carlstrom | 2012-08-01 | 2 | -22/+46
| | | | | | | | | | | | | | Bug: http://code.google.com/p/android/issues/detail?id=35141 Bug: 6869713 Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e