path: root/keystore

Commit message | Author | Age | Files | Lines
* Document when encrypted AndroidKeyStore keys are wiped. (Alex Klyubin, 2015-05-08, 5 files, -18/+40)

  This also drops the boolean parameter from KeyGeneratorSpec.Builder.setEncryptionRequired to match the already launched KeyPairGeneratorSpec.Builder.setEncryptionRequired.

  Bug: 18088752
  Change-Id: I91a3e8c77958971b1bda8329319f1a0d8043b669

* Merge "More Javadocs for AndroidKeyStore public classes." into mnc-dev (Alex Klyubin, 2015-05-08, 4 files, -58/+251)

  * More Javadocs for AndroidKeyStore public classes. (Alex Klyubin, 2015-05-08, 4 files, -58/+251)

    This adds more detailed class-level Javadocs (incl. examples) for the following public API of Android KeyStore facility:
    * KeyPairGeneratorSpec,
    * KeyGeneratorSpec,
    * KeyStoreParameter,
    * KeyStoreKeySpec.

    This also clarifies what encryption at rest means.

    Bug: 18088752
    Change-Id: I9951a528c34dea322534763b596902a2b6ac64f9
* Merge "Cleanup keystore password changing and unlocking" into mnc-dev (Chad Brubaker, 2015-05-08, 4 files, -58/+114)

  * Cleanup keystore password changing and unlocking (Chad Brubaker, 2015-05-08, 4 files, -58/+114)

    Add KeyStore.onUserPasswordChanged for the lockscreen to call when the user changes their password. Keystore will then handle the logic of deleting keys.

    Instead of calling Keystore.password_uid for both unlocking and password changes, the behavior has been split into Keystore.unlock and onUserPasswordChanged.

    Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8

* Replace "TEE" with "secure hardware". (Alex Klyubin, 2015-05-08, 3 files, -20/+23)

  This is to make the Android KeyStore API more generic.

  Bug: 18088752
  Change-Id: I18bcc96db4af17127e5dc038becc9deb85bb48aa
* Merge "Document that new APIs for asymmetric crypto have no effect." into mnc-dev (Alex Klyubin, 2015-05-07, 2 files, -0/+48)

  * Document that new APIs for asymmetric crypto have no effect. (Alex Klyubin, 2015-05-07, 2 files, -0/+48)

    Bug: 18088752
    Change-Id: Idfcf57251e76185425b9271d6a2001c5556f9f59

* Check parameters in KeyGenerator.init. (Alex Klyubin, 2015-05-07, 1 file, -68/+124)

  KeyGenerator.init is supposed to check whether all provided parameters are OK. This is because KeyGenerator.generateKey cannot throw checked exceptions. This CL makes AndroidKeyStore KeyGenerator implementation do just that.

  Unfortunately, keymaster/keystore doesn't provide a way to check whether all the parameters are OK without actually generating a key. Thus, this KeyGenerator does its best inside init method (before Keymaster is called), and then surfaces any remaining issues (flagged by Keymaster/keystore) as unchecked IllegalStateException.

  Bug: 18088752
  Change-Id: I9a04da880dcbe26c37f41d1477e41bdc74db04c9

* Merge "Use ProviderException in AndroidKeyStore." into mnc-dev (Alex Klyubin, 2015-05-07, 3 files, -15/+19)

  * Use ProviderException in AndroidKeyStore. (Alex Klyubin, 2015-05-06, 3 files, -15/+19)

    This switches to ProviderException in most places in AndroidKeyStore primitives where checked exceptions cannot be thrown. This is to follow JCA design.

    KeyStoreKeyGeneratorSpi is not touched by this CL because there's another CL already doing that.

    Bug: 18088752
    Change-Id: If7e93042f973334b9bba004f5a330f831c1e77c1
* Merge "Always mix in additional entropy into keymaster." into mnc-dev (Alex Klyubin, 2015-05-07, 3 files, -10/+34)

  * Always mix in additional entropy into keymaster. (Alex Klyubin, 2015-05-06, 3 files, -10/+34)

    This makes AndroidKeyStore Cipher and KeyGenerator implementations mix in additional entropy into keymaster's RNG regardless of whether they were provided with a SecureRandom instance. In practice, they are always provided with a SecureRandom instance. However, to be safe, when no SecureRandom instance is provided the code now uses a platform-default SecureRandom implementation.

    Bug: 18088752
    Change-Id: I85bca30d7bdc82c2a342094dcbe6044e48a63dca

* Merge "Adjust the Javadoc for user authentication timeout." into mnc-dev (Alex Klyubin, 2015-05-07, 4 files, -16/+20)

  * Adjust the Javadoc for user authentication timeout. (Alex Klyubin, 2015-05-07, 4 files, -16/+20)

    The Javadoc incorrectly stated that:
    * 0 means authentication required for every use.
    * -1 means that timeout is not specified and the key can be used any time.

    Bug: 18088752
    Change-Id: Ie5f37e74dc207f23443527ac1725ae8a37213d75

* Define String constants for AndroidKeyStore crypto. (Alex Klyubin, 2015-05-06, 13 files, -397/+644)

  This defines the String enum values based on JCA standard names for key algorithm, block mode, padding schemes, and digests. This should make it safer to interact with AndroidKeyStore code that uses JCA strings. This was requested by API Council.

  Bug: 18088752
  Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
* Keystore uses 0 for invalid operation handles. (Alex Klyubin, 2015-05-06, 4 files, -13/+19)

  This propagates the concept that 0 is an invalid crypto operation handle to the outside of AndroidKeyStore abstraction.

  Bug: 20864436
  Change-Id: I1e5abb66c5d41d8fc32aac44372495a708c2b6e2

* Handle KM_ERROR_CALLER_NONCE_PROHIBITED. (Alex Klyubin, 2015-04-30, 1 file, -0/+2)

  This converts KM_ERROR_CALLER_NONCE_PROHIBITED into InvalidAlgorithmParameterSpec, as expected by the contract of JCA Cipher.

  Bug: 18088752
  Change-Id: I6a01e2d7118c478b27a0d7a5a14a127de8913755

* Merge "Switch from FingerprintService to FingerprintManager." into mnc-dev (Alex Klyubin, 2015-04-30, 1 file, -26/+24)

  * Switch from FingerprintService to FingerprintManager. (Alex Klyubin, 2015-04-30, 1 file, -26/+24)

    FingerprintService is a lower layer of abstraction which should ideally be accessed only via FingerprintManager from AndroidKeyStore.

    The main issue with the switch is that it requires a reference to a Context. This is now obtained using ActivityThread's hidden API.

    Change-Id: If921e169838ee2cc5c7690b8c8d8ea95c33248aa

* Merge "Cleanup logic for per-op auth keys." into mnc-dev (Alex Klyubin, 2015-04-30, 5 files, -65/+173)

  * Cleanup logic for per-op auth keys. (Alex Klyubin, 2015-04-30, 5 files, -65/+173)

    This streamlines the exception throwing logic for per-op auth keys of AndroidKeyStore.

    Change-Id: I7e27c17fd89d5a7f71f5d7578f584189c5236fb8
* Merge "Fix the build" into mnc-dev (Svetoslav, 2015-04-30, 1 file, -2/+17)

  * Fix the build (Svetoslav, 2015-04-30, 1 file, -2/+17)

    Change-Id: I24e697e989b5f88c3f5e61343fbff60a09aa4c12

* Track Keymaster changes. (Alex Klyubin, 2015-04-30, 4 files, -30/+15)

  * MAC length is now specified as a parameter to the begin operation instead of as a parameter at key generation/import time.
  * KM_TAG_MAC_LENGTH is now in bits instead of in bytes.

  Change-Id: I752fe232d11d3ac39a575a48948215d84ded8fb9

* Merge "AndroidKeyStore keys should not be handled by Bouncy Castle." into mnc-dev (Alex Klyubin, 2015-04-30, 2 files, -31/+113)

  * AndroidKeyStore keys should not be handled by Bouncy Castle. (Alex Klyubin, 2015-04-29, 2 files, -31/+113)

    Bouncy Castle JCA provider incorrectly declares that its Cipher, Mac, Signature, and KeyAgreement implementations accept arbitrary keys (including AndroidKeyStore keys). As a result, when a Cipher, Mac, Signature, or KeyAgreement instance is requested from JCA without explicitly specifying the provider (which follows best practices) and then initialized with an AndroidKeyStore key, JCA chooses Bouncy Castle's implementation, which in turn blows up because it can't handle such keys.

    The workaround is to install Cipher, Mac, Signature, and KeyAgreement implementations backed by AndroidKeyStore as a higher-priority JCA provider than the Bouncy Castle one. This is achieved by splitting out the above implementations from AndroidKeyStoreProvider into AndroidKeyStoreBCWorkaroundProvider and installing the AndroidKeyStoreProvider at the usual priority (below Bouncy Castle) and the AndroidKeyStoreBCWorkaroundProvider at above Bouncy Castle priority.

    Bug: 20691708
    Change-Id: I336464f4a49bc30c6845ddc4e84b07f4105424dd
* Surface KeyPermanentlyInvalidatedException for per-op auth keys. (Alex Klyubin, 2015-04-29, 2 files, -0/+20)

  Bug: 20642549
  Change-Id: Ibda270921f13a1fd695264583b0e4bd255f63aed

* Enable per-use user authenticated keys to be used. (Alex Klyubin, 2015-04-29, 3 files, -2/+12)

  This makes symmetric Cipher and Mac implementations backed by AndroidKeyStore succeed in their initialization when the key is configured to require user authentication for every use. Users of such keys should obtain an instance of Cipher or Mac, initialize it with the key, and then authorize the operation by passing this Cipher or Mac instance to FingerprintManager.authenticate.

  Bug: 18088752
  Change-Id: Ia15a1e5f8274c3623f665dae1f400ff539639ab1

* Add KeyPermanentlyInvalidatedException. (Alex Klyubin, 2015-04-29, 8 files, -73/+130)

  This enables users of AndroidKeyStore crypto to differentiate between the key being unusable until the user is authenticated (UserNotAuthenticatedException) and the key being permanently unusable (KeyPermanentlyInvalidatedException). The latter is the case when the secure lock screen has been disabled or reset, and, for keys that require user authentication for every use, when a new fingerprint is enrolled or all fingerprints are unenrolled.

  NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the NewFingerprintEnrolledException which has thus been removed. There is no way to find out whether a key was permanently invalidated specifically because a new fingerprint was added.

  Bug: 20642549
  Bug: 20526234
  Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
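The app-side flow that the three commits above (per-use authenticated keys, UserNotAuthenticatedException vs. KeyPermanentlyInvalidatedException) and the Bouncy Castle provider-ordering commit describe, written out as an added example. This is not code from frameworks/base or from this log; it is an illustration of how a client is expected to use the API. Assumptions: it uses the names these classes shipped under in Android 6.0 (KeyGenParameterSpec and KeyProperties, which the commits above still call KeyGeneratorSpec and KeyStoreKeyProperties), it needs the USE_FINGERPRINT permission and a FingerprintManager obtained from a Context, and the key alias and the Result callback interface are made up for the example.

```java
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.KeyProperties;
import android.security.keystore.UserNotAuthenticatedException;

import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/**
 * Added example, not AOSP code: an AES-GCM key in AndroidKeyStore that must be
 * authorised by fingerprint for every single use, plus the error handling around it.
 */
public final class PerUseAuthKeyExample {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "example_per_use_key"; // assumed alias
    private static final int GCM_TAG_BITS = 128;

    /** Hypothetical callback so the caller gets the keystore-generated IV with the ciphertext. */
    interface Result {
        void onCiphertext(byte[] iv, byte[] ciphertext);
        void onError(CharSequence message);
    }

    /** Generates (or re-generates) the key. Parameters are validated in init(). */
    static SecretKey generateKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE);
        kg.init(new KeyGenParameterSpec.Builder(ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                // No validity duration: authentication is required for every use,
                // which per the log above means fingerprint only.
                .setUserAuthenticationRequired(true)
                .build());
        return kg.generateKey(); // remaining keymaster errors surface unchecked
    }

    private static SecretKey loadKey() throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        return (SecretKey) ks.getKey(ALIAS, null);
    }

    /**
     * Binds a Cipher to the key. For a per-use key init() succeeds but the operation is
     * not yet authorised; a timeout-bound key that is currently locked throws
     * UserNotAuthenticatedException here instead.
     */
    static Cipher initCipher(int mode, byte[] ivForDecrypt) throws Exception {
        // Deliberately no provider argument: AndroidKeyStoreBCWorkaroundProvider sits
        // above Bouncy Castle so JCA resolves to the keystore-backed Cipher.
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        try {
            if (mode == Cipher.ENCRYPT_MODE) {
                cipher.init(mode, loadKey()); // IV is generated inside keystore (randomized encryption)
            } else {
                cipher.init(mode, loadKey(), new GCMParameterSpec(GCM_TAG_BITS, ivForDecrypt));
            }
        } catch (KeyPermanentlyInvalidatedException e) {
            // Lock screen disabled/reset or fingerprints changed: data under this key is
            // gone for good. Replace the key so the next enrolment starts clean.
            KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
            ks.load(null);
            ks.deleteEntry(ALIAS);
            generateKey();
            throw e;
        } catch (UserNotAuthenticatedException e) {
            throw e; // timeout-bound keys only: prompt for a lock-screen unlock and retry
        }
        if ("BC".equals(cipher.getProvider().getName())) {
            throw new IllegalStateException("Bouncy Castle was selected for an AndroidKeyStore key");
        }
        return cipher;
    }

    /** Asks the user to authorise this one Cipher operation, then runs it. */
    static CancellationSignal encryptAfterFingerprint(FingerprintManager fm, final byte[] plaintext,
                                                      final Result result) throws Exception {
        Cipher cipher = initCipher(Cipher.ENCRYPT_MODE, null);
        CancellationSignal cancel = new CancellationSignal();
        fm.authenticate(new FingerprintManager.CryptoObject(cipher), cancel, 0,
                new FingerprintManager.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult r) {
                        try {
                            Cipher c = r.getCryptoObject().getCipher(); // now authorised for one doFinal
                            byte[] ct = c.doFinal(plaintext);
                            result.onCiphertext(c.getIV(), ct); // store the IV next to the ciphertext
                        } catch (Exception e) {
                            result.onError(e.toString());
                        }
                    }
                    @Override
                    public void onAuthenticationError(int code, CharSequence msg) {
                        result.onError(msg); // the pending keystore operation is abandoned
                    }
                }, null);
        return cancel; // caller cancels this if the UI goes away
    }
}
```

Decryption follows the same shape with Cipher.DECRYPT_MODE and the stored IV passed to initCipher, and again needs its own FingerprintManager.authenticate call because each operation is authorised separately. The provider-name check after init is the practical test for the Bouncy Castle problem described above: if "BC" comes back, the workaround provider is not installed ahead of Bouncy Castle on that device.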
* Merge "Add OP_AUTH_NEEDED KeyStore result code" into mnc-dev (Chad Brubaker, 2015-04-29, 1 file, -0/+8)

  * Add OP_AUTH_NEEDED KeyStore result code (Chad Brubaker, 2015-04-28, 1 file, -0/+8)

    OP_AUTH_NEEDED will be returned from begin when an operation needs a per operation authentication before calling update. Note that the begin call succeeds when this error is returned; the token and handle are valid.

    (cherry picked from commit dabe520a3e6b0d0c40adfd748483fa336c43c366)

    Change-Id: I0ba4e997360843b5eb6c1db9c5fcd1c4d5a2c717

* Align AndroidKeyStore API with user auth API. (Alex Klyubin, 2015-04-28, 9 files, -362/+216)

  This simplifies the AndroidKeyStore API around user authentication: no more explicit control over which user authenticators are bound to which keys. User-authenticated keys with timeout are unlocked by whatever unlocks the secure lock screen (currently, password/PIN/pattern or fingerprint). User-authenticated keys that need authentication for every use are unlocked by fingerprint only.

  Bug: 20526234
  Bug: 20642549
  Change-Id: I1e5e6c988f32657d820797ad5696797477a9ebe9
* am 6c1af7ea: am 8652bce1: am c71f2648: Merge "frameworks/base: switch to using NativeConstants." (Kenny Root, 2015-04-24, 4 files, -34/+34)

  * commit '6c1af7ea497b1a2f04bdf45a19d2147f5b9665b9': frameworks/base: switch to using NativeConstants.

  * Merge "frameworks/base: switch to using NativeConstants." (Kenny Root, 2015-04-24, 4 files, -34/+34)

    * frameworks/base: switch to using NativeConstants. (Adam Langley, 2015-04-24, 4 files, -34/+34)

      NativeCrypto is a conscrypt class that contained several OpenSSL constants. NativeConstants is the new class that contains the same thing, but the latter is automatically generated and thus won't drift from the C headers.

      Bug: 20521989
      Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc

* resolved conflicts for merge of f9c14b7d to master (Alex Klyubin, 2015-04-24, 11 files, -94/+105)

  Change-Id: Ifa29891b8ad7979cbc28c54180b9606bb1319ff0

  * No runtime exceptions during normal use of AndroidKeyStore crypto. (Alex Klyubin, 2015-04-24, 10 files, -95/+102)

    This changes the implementation of AndroidKeyStore-backed Cipher and Mac to avoid throwing runtime exceptions during normal use. Runtime exceptions will now be thrown only due to truly exceptional and unrecoverable errors (e.g., keystore unreachable, or crypto primitive not initialized).

    This also changes the implementation of Cipher to cache any errors encountered in Cipher.update until Cipher.doFinal which then throws them as checked exceptions.

    Bug: 20525947
    Change-Id: I3c4ad57fe70abfbb817a79402f722a0208660727
* am edf5454a: am 3167fb4b: am 71223ebe: Merge "Reset AndroidKeyStore Mac and Cipher state when init fails." (Alex Klyubin, 2015-04-24, 2 files, -22/+79)

  * commit 'edf5454a14cc53de92eaf1ef15fcfb21d8caccca': Reset AndroidKeyStore Mac and Cipher state when init fails.

  * Reset AndroidKeyStore Mac and Cipher state when init fails. (Alex Klyubin, 2015-04-24, 2 files, -22/+79)

    For consistency, this also switches AndroidKeyStore's Mac init/reset implementation to the same approach as used in Cipher.

    Bug: 18088752
    Change-Id: Id34caf7cfe04f2058e22d8632890f762927bb31c

* Merge "Set Secure User ID from app level." (Alex Klyubin, 2015-04-16, 3 files, -0/+42)

  * Set Secure User ID from app level. (Alex Klyubin, 2015-04-16, 3 files, -0/+42)

    When AndroidKeyStore keys require user authentication, they need to be bound to a Keymaster's Secure User ID. This ID will be set by keystore soon. Until then, set it from the framework level (i.e., from apps which use AndroidKeyStore).

    NOTE: Accessing gatekeeper to obtain the Secure User ID will be blocked by SELinux policy. To test this code, disable SELinux enforcing mode.

    Bug: 18088752
    Change-Id: I7a3315eb52f0fc978d14d5d0e9613f2f36c6c01e

* Unhide KeyStoreKeyProperties.Origin.UNKNOWN. (Alex Klyubin, 2015-04-16, 1 file, -3/+1)

  Bug: 18088752
  Change-Id: Idaed45d7e84f5f3eb4f623552b60206c504e967a
* am b1aa7d0b: am 51884f0e: am 499126c4: Merge "Add Keymaster KM_ORIGIN_UNKNOWN constant." (Alex Klyubin, 2015-04-16, 1 file, -1/+11)

  * commit 'b1aa7d0bc821614d943075c0d786cc3f5eeb8c73': Add Keymaster KM_ORIGIN_UNKNOWN constant.

  * Merge "Add Keymaster KM_ORIGIN_UNKNOWN constant." (Alex Klyubin, 2015-04-16, 1 file, -1/+11)

    * Add Keymaster KM_ORIGIN_UNKNOWN constant. (Alex Klyubin, 2015-04-14, 1 file, -1/+11)

      This tracks d359b044830b292f492f8a8df5471f869e358399 from hardware/libhardware.

      Bug: 18088752
      Change-Id: I9a7bd8bdee51c18ae0427eff4efe036213d2b175

* am 22b5d9b9: am 28a9089f: am 216d18b9: Merge "Remove IV auto-generation workaround." (Alex Klyubin, 2015-04-16, 1 file, -12/+6)

  * commit '22b5d9b969176a196b0b29ce9441ac3d1d35d208': Remove IV auto-generation workaround.

  * Remove IV auto-generation workaround. (Alex Klyubin, 2015-04-15, 1 file, -12/+6)

    This workaround prevents use of keys with randomized encryption (IND-CPA). Since randomized encryption is on by default, it's better to keep it working and break non-randomized encryption (until Keymaster is fixed).

    Bug: 18088752
    Change-Id: I4b11ce72cff705be41d3e66f28b507d6ddc1da79

* am 763100e6: am 1cb119d3: am 71ba4e46: Merge "Unbreak obtaining symmetric keys from AndroidKeyStore." (Shawn Willden, 2015-04-15, 1 file, -5/+10)

  * commit '763100e6442494a85cfcb7949c8021836071b1f6': Unbreak obtaining symmetric keys from AndroidKeyStore.

  * Unbreak obtaining symmetric keys from AndroidKeyStore. (Alex Klyubin, 2015-04-14, 1 file, -5/+10)

    This tracks 59f977c6988e21b3b8aa6c83428bd6ee1a98816d due to which AndroidKeyStore is unable to provide symmetric keys because it assumes that the digest field is not repeating.

    Bug: 18088752
    Change-Id: Ie8ed01449280b7c759e81aeaf2066953b0abaf2a