| 3c1830bd7f85f35fe216b8bc5bc7f515b8f6d777 |
|
28-Mar-2018 |
Shawn Willden <swillden@google.com> |
Rename trustedUserPresenceRequired.
The existing name is misleading, because it can be read as requiring
that a trusted user be present, rather than the intended meaning of
requiring trusted proof of user presence. Since this is all about
TEE/SE-based keys, the "trusted" part is implied, so the simple
"userPresenceRequired" name makes more sense.
Bug: 77151288
Test: Keystore CTS tests
Change-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|
| fcd05a94ef0642857abcd0e7746c40d601a787e7 |
|
18-Jan-2018 |
Allen Webb <allenwebb@google.com> |
keystore: Add Trusted User Presence (TUP) APIs.
Test: m -j KeystoreTests && adb install -r
out/target/product/crosshatch/data/app/KeystoreTests/KeystoreTests.apk
adb shell am instrument
'android.security.tests/android.support.test.runner.AndroidJUnitRunner'
Bug: 72476834
Change-Id: I61ee4326a5e31f1cefacd47470b53634fa94c2ef
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|
| 47670548e07140f3308c2aa4741b1bbf4f25d7bc |
|
09-Dec-2017 |
Eran Messeri <eranm@google.com> |
Keystore: Fix KeyGenParameterSpec parceling
Fix the way KeyGenParameterSpec is parceled, by correctly handling
default and null values for some of the fields.
A recent CL added the ability to parcel/unparcel KeyGenParameterSpec (by
a separate class).
Due to refactoring late in the CL review cycle, the parceling code did
not take into account a few edge cases.
Unit tests:
m -j KeystoreTests && adb install -r out/target/product/marlin/data/app/KeystoreTests/KeystoreTests.apk
adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner'
CTS tests:
cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG
Bug: 69337278
Test: Keystore unit tets (see instructions above) and cts Key Management test.
Change-Id: Ie08f42b07fb55b6fa1d8fb73c89d69687c97e214
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|
| 852c8f121f2e502e1e8503bfc230dccb81b681d4 |
|
15-Nov-2017 |
Eran Messeri <eranm@google.com> |
DevicePolicyManager: Add key generation functionality.
This is the crux of the Verified Access feature implementation:
Adding the ability to generate KeyChain keys directly by the
secure hardware, rather than installing software-generated keys
into KeyChain.
Add generateKeyPair to the DevicePolicyManager, which delegates key
generation (via the DevicePolicyManagerService) to the KeyChainService.
Design highlights:
* The key generation is delegated via the DevicePolicyManagerService to
check that only authorized callers request key generation in KeyChain.
* KeyChainService performs the actual key generation so it owns the key
in Keystore outright.
* DevicePolicyManagerService then grants the calling app access to the
Keystore key, so it can actually be used.
* Loading the public/private key pair, as well as attestation
certificate chain, is done in the client code (DevicePolicyManager)
to save parceling / unparceling those objects across process
boundaries twice (for no good reason).
NOTE: The key attestation functionality (that includes Device ID) is
missing/untested. Will be added in a follow-up CL as this one is quite
big already.
HIGHLIGHT FOR REVIEWERS:
* API: New API in DevicePolicyManager.
Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG; adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' (After building the KeystoreTests target and installing the apk)
Change-Id: I73762c9123f32a94d454ba4f8b533883b55c44cc
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|