summaryrefslogtreecommitdiffstats
path: root/keystore
Commit message (Collapse)AuthorAgeFilesLines
* Merge "Expose RSA and ECDSA Signature from Android Keystore Provider." into ↵Alex Klyubin2015-06-047-3/+866
|\ | | | | | | mnc-dev
| * Expose RSA and ECDSA Signature from Android Keystore Provider.Alex Klyubin2015-06-047-3/+866
| | | | | | | | | | | | | | | | The RSA Signature supports PKCS#1 and PSS padding. Bug: 18088752 Bug: 20912868 Change-Id: I03cdc86d1935af36f7c87a0b23d67f813829cfb0
* | Merge "Streamline Android Keystore delete entry operation." into mnc-devAlex Klyubin2015-06-041-5/+4
|\ \
| * | Streamline Android Keystore delete entry operation.Alex Klyubin2015-06-041-5/+4
| |/ | | | | | | | | | | | | This ensures that all four entry subtypes are deleted. Bug: 18088752 Change-Id: Ia020dbede562a123c8c81cc9449ba5ab4aac61dd
* | Merge "Reliably delete keys if key generation fails." into mnc-devAlex Klyubin2015-06-042-57/+73
|\ \
| * | Reliably delete keys if key generation fails.Alex Klyubin2015-06-042-57/+73
| |/ | | | | | | | | Bug: 18088752 Change-Id: Iea68f3f96fc872d5628f163a1314ebd080c9d39e
* | Merge "Add optional additional entropy to finish" into mnc-devChad Brubaker2015-06-041-2/+7
|\ \ | |/ |/|
| * Add optional additional entropy to finishChad Brubaker2015-06-041-2/+7
| | | | | | | | | | | | | | | | | | | | If provided the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED. (cherry-picked from commit 9ce30624a448f439e19960d0dd88103c04676e7d) Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
* | Expose RSA Cipher from Android Keystore Provider.Alex Klyubin2015-06-0310-16/+724
|/ | | | | | | | | The RSA Cipher supports OAEPPadding, PKCS1Padding and NoPadding padding schemes. Bug: 18088752 Bug: 20912868 Change-Id: Ie050e12705bb553a402760a1d253fdb2247a1d50
* Merge "Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAG" into mnc-devAlex Klyubin2015-06-031-2/+2
|\
| * Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAGAlex Klyubin2015-06-021-2/+2
| | | | | | | | Change-Id: I384f3d2fee2f68279c6518d9ac0a79e29bed0e52
* | Track changes to the keystore binder APIChad Brubaker2015-06-014-18/+11
| | | | | | | | | | | | | | | | Output parameters are gone from begin, instead they will returned in the OperationResult and begin, update, and finish may return output parameters. Change-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8
* | No need to specify key size when importing.Alex Klyubin2015-06-011-3/+0
|/ | | | | | | The underlying Keymaster implementation no longer requires that. Bug: 19799085 Change-Id: I6b651bac5d4825b4ed0981a49bb79aedcf79d749
* Cleanup Binder token resetting.Alex Klyubin2015-05-292-4/+3
| | | | | | | | | This is a follow-up to 7cbcfd4fc1e538bd391a20cdd00dd1494ace2d0e where during the review it was pointed out that the code could be streamlined. Bug: 18088752 Change-Id: Iecb9fdbc31a0f3cdcb94ddb1b3e7e12a0543a231
* Merge "Refactor Android Keystore CipherSpi base class." into mnc-devAlex Klyubin2015-05-296-690/+840
|\
| * Refactor Android Keystore CipherSpi base class.Alex Klyubin2015-05-296-690/+840
| | | | | | | | | | | | | | | | | | This makes Android Keystore's CipherSpi base class suitable for implementing AES and RSA ciphers. Previously, the class was heavily biased towards only AES. Bug: 18088752 Change-Id: I6bd1ca54165592d28482e56471dcfe0344337cf4
* | Merge "Add algorithm aliases for Android Keystore HMACs." into mnc-devAlex Klyubin2015-05-291-0/+19
|\ \
| * | Add algorithm aliases for Android Keystore HMACs.Alex Klyubin2015-05-291-0/+19
| |/ | | | | | | | | | | | | The aliases have been copied from Conscrypt. Bug: 18088752 Change-Id: I1c66d8c3655f57db41cc0b9cc88d08b44b4a774b
* | Merge "Fix typo in Javadocs of KeyGenParameterSpec." into mnc-devAlex Klyubin2015-05-271-2/+2
|\ \
| * | Fix typo in Javadocs of KeyGenParameterSpec.Alex Klyubin2015-05-261-2/+2
| |/ | | | | | | | | Bug: 18088752 Change-Id: I76daca80a8066ab55a0104ae113fd2c3a7993af3
* | Remove KeyStoreParameter.getContext().Alex Klyubin2015-05-261-18/+0
|/ | | | | | | | This method isn't there in the released API and we don't need it in the new API. Bug: 18088752 Change-Id: Iccd80715bec782ac3a12bea169df4d37264f66f9
* Cleanup Keystore APIChad Brubaker2015-05-191-44/+41
| | | | | | | | | | | | | Rename confusingly named methods, add userID arguments to all methods that operate on user state and delete methods that have been replaced by the onUser* methods. Some of the old methods have been kept in KeyStore.java in order to ease the transition of various system packages to the new methods. (cherry-picked from commit d8aacca3a197f65021e9b520807b7315b7a59d68) Change-Id: Ic271689d62c36d255c5adee26c7abc2e7ed24df5
* Merge "Use consistent name for KeyPairGeneratorSpi." into mnc-devAlex Klyubin2015-05-192-9/+10
|\
| * Use consistent name for KeyPairGeneratorSpi.Alex Klyubin2015-05-192-9/+10
| | | | | | | | | | | | | | | | | | This renames AndroidKeyPairGeneratorSpi to AndroidKeyStoreKeyPairGeneratorSpi for consistency with other SPI implementations of AndroidKeyStore provider. Bug: 18088752 Change-Id: Iea1c4d35987b3e64f92dd1706273ffb75a6addd6
* | Switch from getSpi to getCurrentSpi.Alex Klyubin2015-05-181-4/+7
|/ | | | | | | | | | | | | | | Crypto primitives' getSpi has a side-effect which modifies the state of the primitive: it selects an SPI implementation if it hasn't been selected yet (e.g., Cipher.getInstance("AES") doesn't select an SPI implementation until Cipher.init). The new method getCurrentSpi has no side-effects: it simply returns null if no SPI implementation is selected. The switch to getCurrentSpi lets us avoid side-effects and throw a more pertinent exception when no SPI is yet selected. (cherry-picked from bdc1382ac575a06c98cab69117700e081c90c595) Bug: 18088752 Change-Id: Ib369c7e988329315075aa4e18f720d86f3d96a93
* Fix testAuthNeeded testChad Brubaker2015-05-151-1/+2
| | | | | | | | | begin now returns OP_AUTH_REQUIRED for per operations with per op authorization instead of NO_ERROR. (cherry-picked from commit b0addbaaf22b14200db602c41a5bd86847bdc0a9) Change-Id: I1f472125f46155833e03ab30bf18363ff51b2c58
* Remove "encrypt at rest" flag from new AndroidKeyStore API.Alex Klyubin2015-05-155-116/+14
| | | | | | | | | This flag causes issues such as being unable to generate, import, or use keys when the user/profile secure lock screen credential hasn't yet been entered after boot. Bug: 18088752 Change-Id: I992f6dfdc945bcb83e341356a40dfa7d7bc143d8
* Merge "Move Android Keystore impl to android.security.keystore." into mnc-devAlex Klyubin2015-05-1424-100/+152
|\
| * Move Android Keystore impl to android.security.keystore.Alex Klyubin2015-05-1324-100/+152
| | | | | | | | | | | | | | | | | | This moves the non-public API classes backing Android Keystore from android.security to android.security.keystore, a package specially created for Android Keystore. Bug: 18088752 Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
* | Replace String host:port/url args with Uri argRobin Lee2015-05-141-23/+12
|/ | | | | | | | | Uri provides a stronger guarantee of well-formedness and lets apps do nice extra things like specifying scheme etc. without twisting any expectations. Bug: 20820034 Change-Id: Ia6bbedb74765444920b667d643fb7e1eb6a7292b
* New AndroidKeyStore API in android.security.keystore.Alex Klyubin2015-05-1322-1484/+1616
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This CL addresses the comments from API Council about Android KeyStore KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter: 1. These abstractions should not take or hold references to Context. 2. The Builders of these abstractions should take all mandatory parameters in their constructors rather than expose them as setters -- only optional paratemers should be exposed via setters. These comments cannot be addressed without deprecation in the already launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of deprecating just the getContext methods and Builder constructors, this CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and KeyStoreParameter as a whole and exposing all of the AndroidKeyStore API in the new package android.security.keystore. This enables this CL to correct all of the accrued design issues with KeyPairGeneratorSpec (e.g., naming of certificate-related methods) and KeyStoreParameter. This also makes the transition to API Level M more clear for existing users of the AndroidKeyStore API. These users will only have to deal with the new always-mandatory parameters (e.g., purposes) and sometimes-mandatory (e.g., digests, block modes, paddings) if they switch to the new API. Prior to this CL they would've had to deal with this if they invoked any of the new methods of KeyPairGeneratorSpec or KeyStoreParameter introduced in API Level M. This CL rips out all the new API introduced into KeyPairGeneratorSpec and KeyStoreParameter classes for Android M, thus reverting these classes to the API launched in L MR1. This is because the new API is now in android.security.keystore.KeyGenParameterSpec and KeyProtection respectively. Bug: 21039983 Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
* Merge "Ensure key algorithm name of HMAC keys is preserved." into mnc-devAlex Klyubin2015-05-131-0/+15
|\
| * Ensure key algorithm name of HMAC keys is preserved.Alex Klyubin2015-05-131-0/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When Android KeyStore loads an HMAC key, it needs to compose the JCA key algorithm name (e.g., HmacSHA256) based on the digests the key is authorized for. A key can be authorized for multiple digests. Thus, the approach is to use the first one for constructing the JCA key algorithm name. This CL ensures that when importing HMAC keys the first KM_TAG_DIGEST tag is set to the digest of the JCA key algorithm name. Bug: 18088752 Change-Id: I911ca7427b249ee823d06e988687af6146ebaff8
* | Add keystore onUserAdded/Removed methodsChad Brubaker2015-05-131-0/+38
|/ | | | | | (cherry-picked from commit 31c2897105e6d71f8e6edeab312d2147bbdbaeb1) Change-Id: I73fe9344ec5660e58425d5c85d14381820533d57
* Flatten KeyStoreKeyProperties constants.Alex Klyubin2015-05-1211-445/+375
| | | | | | | | | This moves constants/flags declared in inner classes of KeyStoreKeyProperties into KeyStoreKeyProperties, as requested by API Council. Bug: 21039983 Change-Id: I84a3c983e13644a027bed9f605ab8044220a352c
* Merge "Link to magic constants used by AndroidKeyStore API." into mnc-devAlex Klyubin2015-05-124-45/+128
|\
| * Link to magic constants used by AndroidKeyStore API.Alex Klyubin2015-05-114-45/+128
| | | | | | | | | | | | | | | | | | | | | | This updates the Javadocs of AndroidKeyStore methods which take constants defined in KeyStoreKeyProperties to contain a link to the corresponding set of constants and an example of a couple of accepted constants, to make it easier to understand and find out what constants to use. Bug: 18088752 Change-Id: I338134ef136db62a7caca782cb59dbebdc996670
* | Move PointFormat constants into parent class.Alex Klyubin2015-05-121-31/+23
| | | | | | | | | | | | | | | | This gets rid of EcIesParameterSpec.PointFormat by moving the constants into EcIesParameterSpec, prefixed with POINT_FORMAT_. Bug: 21039983 Change-Id: I7a76bb84e0394db9c7f5b0d53526915d5bbdd511
* | Merge "Hide @IntDef and @StringDef annotations from AnroidKeyStore API." ↵Alex Klyubin2015-05-122-0/+24
|\ \ | |/ |/| | | into mnc-dev
| * Hide @IntDef and @StringDef annotations from AnroidKeyStore API.Alex Klyubin2015-05-122-0/+24
| | | | | | | | | | | | | | | | By convention, these annotation classes should remain hidden API. Bug: 18088752 Bug: 21039983 Change-Id: Ifb5d2910c7dae4e0fd809876eb641f1aaf7a00a6
* | Merge "Add missing value for EcIesParameterSpec.PointFormatEnum." into mnc-devAlex Klyubin2015-05-111-1/+5
|\ \
| * | Add missing value for EcIesParameterSpec.PointFormatEnum.Alex Klyubin2015-05-111-1/+5
| |/ | | | | | | Change-Id: If14fe3c3c7ed123b0fa9d5874db2ad8844e49671
* | Add NonNull and Nullable annotations to AndroidKeyStore API.Alex Klyubin2015-05-118-44/+175
|/ | | | | | | | This is to enable Android Lint and Android Studio to flag nullness issues at compile time. Bug: 18088752 Change-Id: I21033b8fcdd989d08c89b50685e47fbb9c74acbf
* Fix KeyStoreTest now that begin requires parameters.Alex Klyubin2015-05-111-2/+12
| | | | | | | | | | | Keystore's begin operation now requires parameters which describe the operation (e.g., algorithm, block mode, padding). This adjusts KeyStoreTest to provide the necessary parameters. (cherry-picked from commit c5e4d7af22793072a2620805f5e0e23bf15e7110) Bug: 19509156 Change-Id: Ibc665fbc893766a683a4aadc97a64ffdf2d0d85f
* Document when encrypted AndroidKeyStore keys are wiped.Alex Klyubin2015-05-085-18/+40
| | | | | | | | | This also drops the boolean parameter from KeyGeneratorSpec.Builder.setEncryptionRequired to match the already launched KeyPairGeneratorSpec.Builder.setEncryptionRequired. Bug: 18088752 Change-Id: I91a3e8c77958971b1bda8329319f1a0d8043b669
* Merge "More Javadocs for AndroidKeyStore public classes." into mnc-devAlex Klyubin2015-05-084-58/+251
|\
| * More Javadocs for AndroidKeyStore public classes.Alex Klyubin2015-05-084-58/+251
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds more detailed class-level Javadocs (incl. examples) for the following public API of Android KeyStore facility: * KeyPairGeneratorSpec, * KeyGeneratorSpec, * KeyStoreParameter, * KeyStoreKeySpec. This also clarifies what encryption at rest means. Bug: 18088752 Change-Id: I9951a528c34dea322534763b596902a2b6ac64f9
* | Merge "Cleanup keystore password changing and unlocking" into mnc-devChad Brubaker2015-05-084-58/+114
|\ \ | |/ |/|
| * Cleanup keystore password changing and unlockingChad Brubaker2015-05-084-58/+114
| | | | | | | | | | | | | | | | | | | | Add KeyStore.onUserPasswordChanged for the lockscreen to call when the user changes their password. Keystore will then handle the logic of deleting keys. Instead of calling Keystore.password_uid for both unlocking and password changes the behavior has been split into Keystore.unlock and onUserPasswordChanged. Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
* | Replace "TEE" with "secure hardware".Alex Klyubin2015-05-083-20/+23
| | | | | | | | | | | | | | This is to make the Android KeyStore API more generic. Bug: 18088752 Change-Id: I18bcc96db4af17127e5dc038becc9deb85bb48aa
generated by cgit v1.1 at 2025-02-13 18:40:07 +0000