3c1830bd7f85f35fe216b8bc5bc7f515b8f6d777 |
|
28-Mar-2018 |
Shawn Willden <swillden@google.com> |
Rename trustedUserPresenceRequired. The existing name is misleading, because it can be read as requiring that a trusted user be present, rather than the intended meaning of requiring trusted proof of user presence. Since this is all about TEE/SE-based keys, the "trusted" part is implied, so the simple "userPresenceRequired" name makes more sense. Bug: 77151288 Test: Keystore CTS tests Change-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|
fcd05a94ef0642857abcd0e7746c40d601a787e7 |
|
18-Jan-2018 |
Allen Webb <allenwebb@google.com> |
keystore: Add Trusted User Presence (TUP) APIs. Test: m -j KeystoreTests && adb install -r out/target/product/crosshatch/data/app/KeystoreTests/KeystoreTests.apk adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' Bug: 72476834 Change-Id: I61ee4326a5e31f1cefacd47470b53634fa94c2ef
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|
47670548e07140f3308c2aa4741b1bbf4f25d7bc |
|
09-Dec-2017 |
Eran Messeri <eranm@google.com> |
Keystore: Fix KeyGenParameterSpec parceling Fix the way KeyGenParameterSpec is parceled, by correctly handling default and null values for some of the fields. A recent CL added the ability to parcel/unparcel KeyGenParameterSpec (by a separate class). Due to refactoring late in the CL review cycle, the parceling code did not take into account a few edge cases. Unit tests: m -j KeystoreTests && adb install -r out/target/product/marlin/data/app/KeystoreTests/KeystoreTests.apk adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' CTS tests: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG Bug: 69337278 Test: Keystore unit tets (see instructions above) and cts Key Management test. Change-Id: Ie08f42b07fb55b6fa1d8fb73c89d69687c97e214
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|
852c8f121f2e502e1e8503bfc230dccb81b681d4 |
|
15-Nov-2017 |
Eran Messeri <eranm@google.com> |
DevicePolicyManager: Add key generation functionality. This is the crux of the Verified Access feature implementation: Adding the ability to generate KeyChain keys directly by the secure hardware, rather than installing software-generated keys into KeyChain. Add generateKeyPair to the DevicePolicyManager, which delegates key generation (via the DevicePolicyManagerService) to the KeyChainService. Design highlights: * The key generation is delegated via the DevicePolicyManagerService to check that only authorized callers request key generation in KeyChain. * KeyChainService performs the actual key generation so it owns the key in Keystore outright. * DevicePolicyManagerService then grants the calling app access to the Keystore key, so it can actually be used. * Loading the public/private key pair, as well as attestation certificate chain, is done in the client code (DevicePolicyManager) to save parceling / unparceling those objects across process boundaries twice (for no good reason). NOTE: The key attestation functionality (that includes Device ID) is missing/untested. Will be added in a follow-up CL as this one is quite big already. HIGHLIGHT FOR REVIEWERS: * API: New API in DevicePolicyManager. Bug: 63388672 Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG; adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' (After building the KeystoreTests target and installing the apk) Change-Id: I73762c9123f32a94d454ba4f8b533883b55c44cc
/frameworks/base/keystore/java/android/security/keystore/ParcelableKeyGenParameterSpec.java
|