bd7879ce3ec8a729b2addb9fddca05eebec6d672 |
11-May-2018 |
Bo Zhu <bozhu@google.com> |
Revert "Revert "Change the root of trust for CryptAuth Vault Service"" This reverts commit be4f735cb199d184431d718b245ac51c4e7a70bf. Reason for revert: Resubmit the CL http://ag/3983388 that was reverted. The server side change has been deployed now. Bug: 78920513 Change-Id: If676799176ecf90fd51a97027a9ff83bec5d4bed
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
estData.java
|
be4f735cb199d184431d718b245ac51c4e7a70bf |
10-May-2018 |
Bo Zhu <bozhu@google.com> |
Revert "Change the root of trust for CryptAuth Vault Service" This reverts commit 1f4097860987a7e8337f7ffb101488512698e69c. Reason for revert: Will resubmit once the server side change is ready Bug: 79513473 Bug: 78920513 Change-Id: I4c94d307a9181390a59cdc1602cc9d04c1661ad0
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
estData.java
|
1f4097860987a7e8337f7ffb101488512698e69c |
01-May-2018 |
Bo Zhu <bozhu@google.com> |
Change the root of trust for CryptAuth Vault Service Change-Id: I99899e7e6c090cf22cf31b0b4d5fd3e33dcb2f8f Bug: 78920513 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
estData.java
|
5291268754f80b35cfe7fc35c6179a7953a23f43 |
17-Apr-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Remove implementation of deprecated RecoveryController methods." into pi-dev
|
745d2c98f9467f1befb7ec3a6c485333d4f1b437 |
13-Apr-2018 |
Dmitry Dementyev <dementyev@google.com> |
Remove implementation of deprecated RecoveryController methods. Bug: 78021839 Test: manual Change-Id: I8a8a23f1cc14e7b9ffe1e758b6f35906d1a5cf2f
erialization/KeyChainSnapshotSerializerTest.java
|
8d1ff46dfc7cf8cce7c716d32314183bf65d9c78 |
14-Apr-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Don't create recovery snapshot until it contains at least one key." into pi-dev
|
925f026cc190d4e6822d1728846fd0f940a618f8 |
12-Apr-2018 |
Dmitry Dementyev <dementyev@google.com> |
Don't create recovery snapshot until it contains at least one key. Bug: 77931409 Test: atest RecoveryControllerHostTest Change-Id: Ibd239cbd21a756a00c33e3cd0100b389b88d38b0
ecoverableKeyStoreManagerTest.java
|
c3aefbd7f8def01618f399f427ddf7c11aeaa88c |
06-Apr-2018 |
Bo Zhu <bozhu@google.com> |
Use Scrypt to hash all passwords in RecoverableKeyStore Bug: 77325751 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystor Change-Id: Ifd934593a2161e397eac77b682e3f4bb2d518822
eySyncTaskTest.java
|
ebdd19c7733f8f61794aefb7067ea31e205ba2e9 |
11-Apr-2018 |
Dmitry Dementyev <dementyev@google.com> |
Don't store deprecated trustedHardwarePublicKey field. Bug:77873515 Test: apct Change-Id: I990203781587f1747af514725014bc6b5bf1e517
erialization/KeyChainSnapshotSerializerTest.java
|
c9d83570698b5b314568759ccb42fb95d0ef0f7b |
04-Apr-2018 |
Dmitry Dementyev <dementyev@google.com> |
Merge "Clean up remaining TODOs in RecoveryController." into pi-dev
|
e73074e9a8aae67e1455c16b621ecbe3c03f0ecc |
04-Apr-2018 |
Bo Zhu <bozhu@google.com> |
Merge "Use Scrypt to hash long passwords in RecoverableKeyStore" into pi-dev
|
482633fe81afed63be75fe36c4cd33b5660bd13d |
04-Apr-2018 |
Dmitry Dementyev <dementyev@google.com> |
Clean up remaining TODOs in RecoveryController. Bug: 77549752 Test: apct Change-Id: I59014ba1e0bf1191090ea3ca7db96e242b9dc0e5
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
|
76973437e9cb36eb60fb2a374366713307688136 |
03-Apr-2018 |
Bo Zhu <bozhu@google.com> |
Use Scrypt to hash long passwords in RecoverableKeyStore It's enabled for test mode for now, and will need to be updated after the other components of the system is updated. Bug: 77325751 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I4fc77aba37aeddbe6a82b633934b068cd4ac507f
eySyncTaskTest.java
ockScrypt.java
|
23174b7eaeb93918451c36bbbfad94bafd44bdd6 |
03-Apr-2018 |
Aseem Kumar <aseemk@google.com> |
Throw ServiceSpecificException if calling app tries to initialize certificates with lower version. Earlier, the code just returned silently, giving no indication that updating certs failed. Change-Id: I3eb1b9f423791a655b47b3e76c20a170e2b632c0 Bug: 77533356 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore
ecoverableKeyStoreManagerTest.java
|
b10ba442dddf8ed388c265734974c45ad1f115e8 |
01-Apr-2018 |
Bo Zhu <bozhu@google.com> |
Skip the cert xml serial number check if the test root cert is in use Bug: 77165400 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I2242b4a97b9efa60a5a5ad7ab79e786951580299
ecoverableKeyStoreManagerTest.java
estData.java
|
b152a8c45dee0da7891f939f71dd55c38b702613 |
01-Apr-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Don't allow using raw public keys to init recovery service any more" into pi-dev
|
0b8c82e66078b842c9bf4a0297e90303e5aa4c1a |
30-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Throw an exception if the given root alias is unknown Bug: 76433465 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I3a213ab0cd3b0e9c002bc44d4ce929977e119e81
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
estOnlyInsecureCertificateHelperTest.java
|
c98c8436a60e76a4af261c5348d628e13507ec54 |
31-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Don't allow using raw public keys to init recovery service any more Bug: 75952916 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I06ceddbc116396936d53d804d8d5466efee6aaa7
ecoverableKeyStoreManagerTest.java
|
41d2dd2f266eb8dc50afcda253f04f1c7e9ccc0e |
30-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Expose e.getMessage() from the exceptions in RecoverableKeyStore Bug: 77327780 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: Ibf04d6405e6468bfdfef0a8cb8e6e96bffbbf3a2
ecoverableKeyStoreManagerTest.java
|
86f5bb1a8cfe2d169767fb723d315955dda3a0e6 |
28-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Remove deprecated generateAndStoreKey method implementation Bug: 77156834 Test: GTS, apct. Change-Id: I23791fced21308467afc60cc16efc4aee7074134
ecoverableKeyStoreManagerTest.java
|
57ca3da24f26164104aecbcebf345cfcfac17a66 |
28-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Add support for testing mode root certificate. 1) Add Certificate 2) Helper class for end-to-end tests 3) Only create snapshot for passwords with special prefix in test mode 4) Sync only keys with insecure prefix in test mode. Bug: 76433465 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I6edc8c4716c3a034b6b79c7aa6f4b8478e9a3c9e
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
estData.java
estOnlyInsecureCertificateHelperTest.java
|
5658837b464275b7ae87fec5529c7344bf21b733 |
29-Mar-2018 |
Robert Berry <robertberry@google.com> |
Save KeyChainSnapshots to disk Bug: 73921897 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I909f2f7f289d4e2a0cdff6a3f7184747e5deeae2
eySyncTaskTest.java
erialization/KeyChainSnapshotSerializerTest.java
torage/RecoverySnapshotStorageTest.java
|
87860048bd81f0b6d6848bf81be4d0ef48304653 |
29-Mar-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Remove unused KeyStore field in RecoverableKeyStoreManager" into pi-dev
|
11115e9c9ae07c9027c4e2fc31168c0db6448210 |
29-Mar-2018 |
Robert Berry <robertberry@google.com> |
Remove unused KeyStore field in RecoverableKeyStoreManager Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Bug: 74944591 Change-Id: Ibe0167adb103beded9eb0138825f4a975f12c29e
ecoverableKeyStoreManagerTest.java
|
25f5135551f2db2e979ee26353c72e303abf16e5 |
28-Mar-2018 |
Robert Berry <robertberry@google.com> |
Persist KeyChainSnapshot to XML Adds parser and serializer, and round trip test. Bug: 73921897 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I8259ec398ee076823ac8bbf847534738514de8dc
erialization/KeyChainSnapshotSerializerTest.java
|
f34fc7e18c2a2ec5cff0bd9d96397311745fbef4 |
27-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Use rootAlias to index chosen cert and its version. Added new column to store active alias for given recovery agent. Added new table with chosen certififcate and cert list serial number indexed by recovery agent and root of trust. Bug: 76433465 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Iae8b84312805400bf1acd4db242efeb6d167c000
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverableKeyStoreDbHelperTest.java
torage/RecoverableKeyStoreDbTest.java
|
678c0286be37820a246b0a5b9105790e139d7916 |
27-Mar-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Do not create snapshot on first init" into pi-dev
|
7cd217b33d0bbef9882a2b594dcfd130461c7bc5 |
27-Mar-2018 |
Robert Berry <robertberry@google.com> |
Fix broken test RecoverySnapshotStorageTest This throws an NPE now. Bug: 75952916 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I094036dbe7e0c149b234a60729aa7fec8db3e2d9
torage/RecoverySnapshotStorageTest.java
|
e8edf97843525647cda4b40d55b27f5efa632177 |
27-Mar-2018 |
Robert Berry <robertberry@google.com> |
Do not create snapshot on first init Currently the first time the RecoveryController is initialized, it sets a snapshot pending. This is because there is no cert, so it installs the cert, and the existing logic also sets snapshot pending. This fixes that. Bug: 74949975 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: If150524c3fc41fd2ee9cc6310109b41d62dcbb29
ecoverableKeyStoreManagerTest.java
|
af13eeb11050b27419a235737a30b5a3335fdbe0 |
27-Mar-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix setRecoverySecretTypes to not always set snapshot pending" into pi-dev
|
5b4a0d6751273f365d6e04ebb8f52dc2acc826a8 |
27-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Merge "Use Builder instead for KeyChainProtectionParams." into pi-dev
|
5a1acefb88a991819c6423ba931a3990491f5b3d |
26-Mar-2018 |
Robert Berry <robertberry@google.com> |
Fix setRecoverySecretTypes to not always set snapshot pending Only updates should set snapshot pending. Setting the secret types for the first time should not set snapshot pending. If it did, then just initializing the recovery agent would cause a snapshot to be made, even if it contained no keys. Also, setting the secret types to the same value as it was previously should not set snapshot pending, for the exact same reason. If the secret types were to change, however, for some reason, then a new snapshot must be made, as it may have additional or fewer layers of protection. Bug: 74949975 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: Ib29d56d5c46e730d9ed457f2d516f84ecb9e53b8
ecoverableKeyStoreManagerTest.java
|
16d9db57f513eb13eeb2486d2d4770f59faf5550 |
26-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Use Builder instead for KeyChainProtectionParams. Use Builder to create KeyChainSnapshot it tests. Bug: 75952916 Test: apct Change-Id: I5ab8c864a7ccc55dafa40867ec4364a705738d86
ecoverableKeyStoreManagerTest.java
torage/RecoverySnapshotStorageTest.java
|
8f9038c0590cfb4d8a9ea36d8a898d64c4b73321 |
26-Mar-2018 |
Robert Berry <robertberry@google.com> |
Fix setServerParams to not always set snapshot pending Only updates should set snapshot pending. Setting the server params for the first time should not set snapshot pending. If it did, then just initializing the recovery agent would cause a snapshot to be made, even if it contained no keys. Also, setting the snapshot to the same value as it was previously should not set snapshot pending, for the exact same reason. If the server params were to change, however, for some reason, then a new snapshot must be made, so that it can be synced to the correct vault. Bug: 74949975 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: Ie09284553f922de869be7bcd577d0f0eb9d0bbd3
ecoverableKeyStoreManagerTest.java
|
fd4ae0b2ddd58f6acbb19632f20e40024e3d85b1 |
23-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Add NonNull annotation to more parameters in Recovery Controller. Use Builder instead of deprecated constructor for KeyDerivationParams. Bug: 75952916 Test: adb shell am instrument \ -w -e package com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I223e4dc1aa92cbde60e53b364ed74a452d3f6bbd
ecoverableKeyStoreManagerTest.java
|
95f2965a749ce81451217bf520b41b2c945ececb |
23-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Merge "Prepare KeyChainSnapshot to removing deprecated getTrustedHardwarePublicKey method." into pi-dev
|
d9e1a8fd6807b6369dfd99db5005604fae9133d5 |
23-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Merge "Remove 17 bytes length restriction for vaultHandler." into pi-dev
|
364dbf1c9e695e339508fda9184fba797ed5491a |
23-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Merge "Update RecoverableKeyStoreManager methods to throw NullPointerException when null is passed as @NonNull argument." into pi-dev
|
8f4fae9d84f9620be0587441df5462e1a6565e4b |
23-Mar-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Regenerate counterId when a new cert XML file is successfully imported" into pi-dev
|
b926f0aeb73c0907332fbc581906600ee96ea30b |
22-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Remove 17 bytes length restriction for vaultHandler. Update tests. Bug: 75952916 Test: none Change-Id: I78786e397a7d2ff95b29d5bc039442a1f6088be6
eySyncUtilsTest.java
|
1e6a9dcecb92b4a9a8d3c60372821ba7cd830873 |
21-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Update RecoverableKeyStoreManager methods to throw NullPointerException when null is passed as @NonNull argument. Mark serverParams as nullable. Null value can be used to prevent new snapshots creation. Bug: 73959762 Test: Test: adb shell am instrument \ -w -e package com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I5c6ddd696b2882b3d27978b0146ff419bedaf5ee
ecoverableKeyStoreManagerTest.java
|
3b67e06de57549cfa9b4db88b13d105126d7ad94 |
23-Mar-2018 |
Dmitry Dementyev <dementyev@google.com> |
Prepare KeyChainSnapshot to removing deprecated getTrustedHardwarePublicKey method. Add null checks to getTrustedHardwareCertPath. Remove unused and outdated PersistentKeyChainSnapshot class. Use CertPath instead of public keys in KeySyncTaskTest. Bug: 75952916 Test: adb shell am instrument \ -w -e package com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ifabe7d5fa250069ebe0885ce52ec29b01294f63a
eySyncTaskTest.java
estData.java
torage/PersistentKeyChainSnapshotTest.java
|
8d6861eb77845a272c3937c304fed46a0951847e |
22-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Regenerate counterId when a new cert XML file is successfully imported Bug: 74027192 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I785b49856693d00545b35759181eaa53741b87ab
ecoverableKeyStoreManagerTest.java
|
f23c203ed5dc98a701ab7b425d4773aa27a761d9 |
22-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Remove the hard-coded counterId in VaultParams Bug: 72221676 Test: Manual test and runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I51cfac6478d59f41c1107106a14af008463f7de7
eySyncTaskTest.java
|
889e78cb28a59c678ce1310c94e25ba887e18571 |
21-Mar-2018 |
Robert Berry <robertberry@google.com> |
Merge "Add RecoverySession importKeyChainSnapshot method" into pi-dev
|
4a5c87def075c805d4fcae7ff01dd2e78ec27b1a |
19-Mar-2018 |
Robert Berry <robertberry@google.com> |
Add RecoverySession importKeyChainSnapshot method This imports the keys directly into the keystore of LockSettingsService, allowing them to be accessed via the RecoveryController getKey method. This is better as it does not expose raw key material to any app. Bug: 74345822 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I4991b0cff1d2fa2e5bd0b53a71c096499e93e98b
ecoverableKeyStoreManagerTest.java
|
b31ab6740d66b21a74ffa77b753ea3364288254e |
21-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Use the new root cert file under the core/ folder This CL also adds an alias param to the RecoverySession#start method. Bug: 76033708 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I870f4f89bd6e319e1687a981aa04af0d23f3c922
ecoverableKeyStoreManagerTest.java
|
2fd4b597ae3cfaa5dfa8156ec15bc813d69acf7a |
15-Mar-2018 |
Robert Berry <robertberry@google.com> |
Create snapshot even if no PendingIntent is registered When the user first unlocks the phone after booting, the system app has not yet started. As such, it will not have had a chance to register a PendingIntent. But if it has ever previously initialized, the framework can still create a snapshot, and should. Otherwise, it may be up to 72 hours before the user unlocks their phone again using the primary method, which adds delay to the key sync. Bug: 73921897 Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: Idfaf53194e6a2f5d5ce0123d72f46197392d2c99
eySyncTaskTest.java
ecoverySnapshotListenersStorageTest.java
|
3326da5f4ca80c83d9631d6ba237bbf7223f0b9f |
13-Mar-2018 |
Aseem Kumar <aseemk@google.com> |
Disable RecoverableKeyStoreManager for custom lockscreens. Bug: 74225107 Test: adb shell am instrument \ -w -e package com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I88fc0fe7fdb23439d781cac96632196465553a38
eySyncTaskTest.java
torage/RecoverableKeyStoreDbTest.java
|
0f0d1ab1d370bb3f99a288a85b03f9b551eb1383 |
02-Mar-2018 |
Bo Zhu <bozhu@google.com> |
Merge "Check the public-key signature of the whole certificate file before accepting the certificates"
|
59b12b9a3029cb42bed1fbf6d53308d9c4c5a33f |
01-Mar-2018 |
Robert Berry <robertberry@google.com> |
Remove calls to setAccount and getAccount in test This param is now deprecated. Test: runtest frameworks-services -p \ com.android.server.locksettings.recoverablekeystore Change-Id: I318edba915cb15280b884181ae868b4b07a35098
torage/PersistentKeyChainSnapshotTest.java
|
7f414d94fc4f6bd34325f3865b51e8d11acb52ad |
28-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Check the public-key signature of the whole certificate file before accepting the certificates This change requires an additional param to the initRecoveryService() API to take in the public-key signature. Bug: 73904566 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2aeead1fda51b6cd8df71ed3b5066342ebc8d5ea
ecoverableKeyStoreManagerTest.java
estData.java
|
7ce4ea52b356c2c7e1e65f5d484b3b641d06343e |
28-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Check the given CertPath against the root of trust during recovery Bug: 73826459 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I28893d815c57260c4d0f0d55d252bff5d34d4832
ecoverableKeyStoreManagerTest.java
ertificate/CertUtilsTest.java
|
2c8e5383c836d2dfa39b0be6bfa281285667a880 |
27-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Add a new API to import a key provided by the caller, such that this key can also be synced to the remote service This API may be useful for backward-compatibility work, e.g., recovering a key that's backed up in Android Q+ to Android P without updating the Android P Frameworks code. This API may also be useful for other use cases. Bug: 73785182 Change-Id: I1022dffb6a12bdf3df2022db5739169fcc9347d2 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
ecoverableKeyGeneratorTest.java
ecoverableKeyStoreManagerTest.java
|
d9f11a9b15631179cc283cc59ec99953d1794b08 |
26-Feb-2018 |
Robert Berry <robertberry@google.com> |
Clean up RecoveryController imports Some code is still importing constants from the deprecated old API. Test: manual Change-Id: I7a9e7e25c21641294c7af18bf2f83543f425edb2
torage/RecoverableKeyStoreDbTest.java
|
f34ad9509df18aff1f36123b839c62003216245c |
25-Feb-2018 |
Robert Berry <robertberry@google.com> |
Merge "Remove packageName from getRecoveryStatus"
|
7c1972ff71080568b7288197e96e163d5a469e5f |
23-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Add CertPath to KeyChainSnapshot and startRecoverySession CertPath will include a cert of the trusted hardware and necessary intermediate certificates. Bug: 73784851 Change-Id: Ic70616b8f119891a82402b91035456e404c5f6de Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
ecoverableKeyStoreManagerTest.java
|
56f06b4d111f99f72d4232b43037fea2f6246e7d |
23-Feb-2018 |
Robert Berry <robertberry@google.com> |
Remove packageName from getRecoveryStatus This parameter is unused. Bug: 73757432 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I153a84d71b0ebaed8ce3a1f0f33c70036dd960b2
ecoverableKeyStoreManagerTest.java
|
bbe02ae8a3dd07989d61bbb739bfd863123c5489 |
20-Feb-2018 |
Robert Berry <robertberry@google.com> |
Remove package name parameter from setRecoveryStatus Package name is implicit. Recovery agent can only act for the same uid. Bug: 73757432 Test: runtest frameworks-services -p com.android.server.locksettings.recoverablekeystore Change-Id: I45abf4b956fa4e97d981614d9e61295e85d5669e
ecoverableKeyStoreManagerTest.java
|
b2675b4402c2c8e182fd3e7625e7d2aa99cc8425 |
20-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Fix two broken tests in PersistentKeyChainSnapshotTest Bug: 73609806 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I6c054fe8069c2016f8952380c0e083c6eb2b6a23
torage/PersistentKeyChainSnapshotTest.java
|
5a9f4e58683b6a59e0c0d997bd9817e8ee7fcd52 |
19-Feb-2018 |
Andreas Gampe <agampe@google.com> |
Frameworks: Disable two recoverablekeystore tests Disable failing tests. Bug: 73513670 Bug: 73609806 Test: atest PersistentKeyChainSnapshotTest Test: m javac-check RUN_ERROR_PRONE=true Change-Id: I86c37b6d9875c7380fb90aa1ab94b4fbb311ada7
torage/PersistentKeyChainSnapshotTest.java
|
bd666411cc02b56d67567d7fd2564207183470e6 |
19-Feb-2018 |
Andreas Gampe <agampe@google.com> |
Frameworks: Fix JUnit4 test annotations Fix missing annotations in recoverablekeystore. Found by errorprone. Bug: 73513670 Test: atest PersistentKeyChainSnapshotTest Test: atest RecoverableKeyStoreDbTest Test: m javac-check RUN_ERROR_PRONE=true Change-Id: I976b29bf2c7f47d1a9c615b1f8102b593842724b
torage/PersistentKeyChainSnapshotTest.java
torage/RecoverableKeyStoreDbTest.java
|
8060c29816ea70f3fca2682885fa1808e37657ba |
14-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Add OWNERS files for the recoverable keystore folders Test: None Change-Id: I4ad1079cbda4e10ea5f76fb8b3cc280befc62928
WNERS
|
ae0682dfe210b3c51cd686afcbed01626ec14915 |
13-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Do not throw an exception if there's no application key to be decrypted Bug: 73287131 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I17fd94a975312abf9b93080318b7c16a4d388237
ecoverableKeyStoreManagerTest.java
|
14d993dc2c0bbdee6a6ae0c270a92107c9f57a84 |
04-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Accept an XML file containing a list of THM certificates instead of the temporary solution using the raw public key Change-Id: I6f9543c39e328503db0f24a49901fff6e04fe8c5 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
estData.java
torage/RecoverableKeyStoreDbHelperTest.java
torage/RecoverableKeyStoreDbTest.java
|
4857cb50ce8949e7c0e75644283632e76b6c238f |
06-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Continue to decrypt other application keys if one fails to decrypt An exception will still be thrown if all the application keys fail to decrypt. Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Bug: 72932279 Change-Id: I95befcd46672b77380226e61369759de5617ecea
ecoverableKeyStoreManagerTest.java
|
7831a4db287ddc63e719c8c10663b9fd660bc550 |
06-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Merge "Try to check the platform decryption key is still accessible before using the platform encryption key"
|
9b0ab491f44e777e024ac0336dcc152af92e631d |
06-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Change enum MustExist in CertUtils to IntDef integers Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I5ebb52c86189f813db688e075ac8b2144d938102
ertificate/CertUtilsTest.java
|
4d31291ed564e9a53ab75a73d730f990204105ee |
02-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Add the utility functions to parse and validate XML files contains public-key certificates for THM Bug: 72524773 Change-Id: Iad30f11d14857bb919343b6a60b3b83cf85f2c52 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
ertificate/CertUtilsTest.java
ertificate/CertXmlTest.java
ertificate/SigXmlTest.java
ertificate/TestData.java
|
1170a78f471400f597aa6e3b20c0626fad96338c |
01-Feb-2018 |
Bo Zhu <bozhu@google.com> |
Try to check the platform decryption key is still accessible before using the platform encryption key Also did some small clean-up changes in the same files. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: If34ca756e7d9cf5e053786a87f14f59d482d0cf9
latformKeyManagerTest.java
|
29b9de5b8a9b38290c2855890ae1f7a93c0b8421 |
01-Feb-2018 |
Dmitry Dementyev <dementyev@google.com> |
Update RecoveryController to use KeyStore grant API. Missing parts: 1) Whitelist locksettingsservice to use grant API. 2) Probably have similar update for recovered keys - they will live in system service and RecoveryAgent will use getKey() method to access them. 3) ApplicationKeyStorageTest Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I584b89e3f777bed679b2eb5173750f3f1dee3635
ecoverableKeyStoreManagerTest.java
|
24e9be8bc738bf4e36977a792df5c1606e83a6b8 |
30-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Add PersistentKeyChainSnapshot serialization/deserialization methods. Unlike Parcelables, Byte array produced by the class can be safely stored in the database. Bug: 71804644 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I826a0cc4d7dc33ff1a062374a4fc8471db8e2f34
torage/PersistentKeyChainSnapshotTest.java
|
73a4d9444b24617444179a3c8a88f8c6820e39bc |
27-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Merge "Recreate recovery snapshot with current version if it is not stored."
|
907e27586a4c2890d7c531e8f0eedb0c18d4decc |
26-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Recreate recovery snapshot with current version if it is not stored. Use Builder to create Parcelables. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ieed92be627a8a2411353ce6a84b26dd7bde99401
eySyncTaskTest.java
|
6e16724fb66e4bd14274768174379aa88c34464f |
26-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Remove platform key when user disables lock screen protection Correctly sync keys on LSKF update. Bug: 72443379 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2569310388a6f852c86d560663024d8c8dadb761
eySyncTaskTest.java
latformKeyManagerTest.java
|
3f2d1713fd8d3379f94c0c880d6242c7cbc1eea8 |
24-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Handle case when PlatformKey is invalid. When Platform key is invalidated, all applicatio keys wraped into it needs to be marked as unrecoverable. It can happen when user removes screen lock. Bug: 72443379 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I7ae257f8fdb4b6abf789887f15b02a2fe370dfb8
latformKeyManagerTest.java
torage/RecoverableKeyStoreDbTest.java
|
0916e7ca44aba5e6c89d75007da805697fdace9e |
23-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Prepare KeyStore RecoveryController API for review. - set/get recovery status simplification - adding account to WrappedKey - moving recovery methods to the Session class. There are small cosmetical changes to .aidl which don't affect implementation logic. Bug: 72299798 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I9efaa4cde42cf778bb97ed13f62750a65d8c6cb5
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverySnapshotStorageTest.java
|
81ee34bf957dffe020442e3f0c6c06817397ebf0 |
23-Jan-2018 |
Robert Berry <robertberry@google.com> |
Move APIs to final location in preparation for API review Leave old APIs in current location for backwards compatibility reasons. Bug: 72298565 Test: Tried flow with current versions of GMSCore to ensure they work still Change-Id: Iafc2b8ad8a574460dbb2482a67935debe71f1113
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverySnapshotStorageTest.java
|
d5ba9f60dc9885912a5add4c6d9038c35f31b08a |
19-Jan-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add 4 new fields to KeychainSnapshot"
|
add1bad01ee9ac90177df832e6dceb288db93f04 |
19-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Add 4 new fields to KeychainSnapshot The fields are necessary to construct correct arguments for recovery session. maxAttempts counterId serverParams trustedHardwarePublicKey Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: If8fbc2e0a313d4367712e3598925eab0fb334258
eySyncTaskTest.java
|
aea1e39be476a6e005709191b5b78a0cbec12684 |
19-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Temporary use hardcoded counterId. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I0f387e6a424f24de340276fc45cfaddb3529a715
eySyncTaskTest.java
|
30760c4aa379269472aeceb65ef1518f91406009 |
19-Jan-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix RecoverableKeyStore unit tests."
|
ae6ec6d2ee732ae6060e4558f36c77e0283a2dd8 |
18-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Fix RecoverableKeyStore unit tests. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I19aeb444e2f99f698cd1f9dfa13215093f5230da
ecoverableKeyStoreManagerTest.java
torage/RecoverySessionStorageTest.java
|
31ccba1af0e2eb6ca280a3da12b3521f3353e599 |
18-Jan-2018 |
Bo Zhu <bozhu@google.com> |
Change packVaultParams to use the real vault_handle directly Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I5ebe28fddba3d3939a105c696250f3ea68720822
eySyncTaskTest.java
eySyncUtilsTest.java
|
74928a1dfb2b78fc77e229f5722a5a04cad5872c |
18-Jan-2018 |
Robert Berry <robertberry@google.com> |
Rename RecoveryManager to RecoveryController This fixes the linting error that happens when we attempt to make this a @SystemApi. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ib9eea030874608d73ceeff21ee8d7e9d5a75bce8
torage/RecoverableKeyStoreDbTest.java
|
2bcdad95330c75e3122d0736f1a40acd521dc243 |
18-Jan-2018 |
Robert Berry <robertberry@google.com> |
Use RecoverySession object to hide session IDs (redux) Session IDs are an implementation detail that the framework can (and should) abstract away. This was previously reverted due to breaking master. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I4427c818348c054ada39d799b6da3b739f27eba9
ecoverableKeyStoreManagerTest.java
torage/RecoverySessionStorageTest.java
|
588a06f5a25adad63337ac481f9e1b55dcc169a1 |
18-Jan-2018 |
Robert Berry <robertberry@google.com> |
Merge "Revert "Use RecoverySession object to hide session IDs""
|
9fa87627eda1028723b0df5dc6f1a359ac4b99df |
18-Jan-2018 |
Robert Berry <robertberry@google.com> |
Revert "Use RecoverySession object to hide session IDs" This reverts commit 988c55ce67459553bad517426a924d06a89b059f. Reason for revert: broke some tests Change-Id: Ib43099aebc8ff025e052337475bab13445da74eb
ecoverableKeyStoreManagerTest.java
torage/RecoverySessionStorageTest.java
|
c07dd18a3ebbceb6bf6277275d504fe38bdabaac |
18-Jan-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Update the VaultParams encoding to reflect the recent change in the format of vault_handle"
|
c4e99794e9d9b160889ebf1defa1c603a3b94d22 |
18-Jan-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Use RecoverySession object to hide session IDs"
|
988c55ce67459553bad517426a924d06a89b059f |
17-Jan-2018 |
Robert Berry <robertberry@google.com> |
Use RecoverySession object to hide session IDs Session IDs are an implementation detail that the framework can (and should) abstract away. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ieba641a9b54ac9bba197a6e9749b621a07e40c67
ecoverableKeyStoreManagerTest.java
torage/RecoverySessionStorageTest.java
|
9e1bd362df96daeda3cce5f536e57479f7ea6105 |
18-Jan-2018 |
Robert Berry <robertberry@google.com> |
Rename KeychainProtectionParameter to KeychainProtectionParams Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Iab6d85d0be38e1a09ce78bb96b8f68493de65be9
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
|
4ff2b3fd83514807607231303ea0bb2c73c0fc5c |
18-Jan-2018 |
Bo Zhu <bozhu@google.com> |
Update the VaultParams encoding to reflect the recent change in the format of vault_handle Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I105d17ac87b70795fa977b7649c7a1fdcb97b5e9
eySyncTaskTest.java
eySyncUtilsTest.java
|
5f138701fe5c652199aae4845caf83797ead4c82 |
17-Jan-2018 |
Robert Berry <robertberry@google.com> |
Use better names for associated classes of RecoveryManager I will also rename RecoveryManager to RecoveryController -- in a separate CL, as this one is already becoming too large. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2fb4e1f55fb50d95f15c230783c3d289dd71f7f3
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverySnapshotStorageTest.java
|
7d8c78a2c88a4898a63b918ab8b974aecd7b165b |
13-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Refactor KeyStore Recovery Manager. 1) Parameters -> Params 2) Use byte[] for serivice parameters. 2) Move Exception into separate class. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I1b9a8748830f7deb9eeb57693f5a818a49a7aabe
eySyncTaskTest.java
eySyncUtilsTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverableKeyStoreDbTest.java
|
ed89ea04e48f0c629c6511a2e41a9979da575881 |
11-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Big RecoverableKeyStoreLoader refactoring. The change is based on API review. 1) package and class names update 2) Builders for Parcelables. 3) Use Constant for RECOVER_KEYSTORE permission defined in android.Manifest. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I49f80acbb6dc0eb6d049e18e8cb0d1aa326dadb2
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverableKeyStoreDbTest.java
torage/RecoverySnapshotStorageTest.java
|
c3188fd767bdbdb46b569243ae13032aa973a381 |
12-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Merge "Mark current recoverable keystore snapshot as outdated in a few events:"
|
40dadb0e75809c12713879cafede0b39baee76d7 |
11-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Mark current recoverable keystore snapshot as outdated in a few events: 1) recovery service is initialized 2) Server parameters were updated 3) Recovery secrets used for end-to-end encryption were changed. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I1838f88268189a910573db51f290992d6147aa4a
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
|
122bfe1b7eed5fb772d40b901ed818095c62c2e9 |
11-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Check that recoverySecretTypes contains TYPE_LOCKSCREEN during unlock. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I55e8518c92704655d96eb1cddf84bb7956ea5912
eySyncTaskTest.java
|
abd713c4c8dc266ccd25d3a9e46d2e44d2606dfb |
10-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Use correct lock screen type in KeyStoreRecoveryMetadata constructor. Bug: 71738161 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ib06a9fe4c1182bfd3f4eb0d5f3f3b50c0bf71f25
eySyncTaskTest.java
|
67d86e3990953cc6b5821111be79953e533ca34b |
10-Jan-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Update recovery snapshot version."
|
ce5ed6e6f366646d82ecd9cc6142926e51eef99d |
10-Jan-2018 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Rename createSHA256Parameters to createSha256Parameters"
|
77183effbf21cbaa9dd81b31ba5c0e1a580619a3 |
06-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Update recovery snapshot version. There is exactly one snapshot per userId - recovery agent uid pair. Version is incremented when 1) User credential is updated 2) User unlockes phone and list of application keys was changes since last snapshot creation. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I6ab98fcbbb05e33958e6def644b40441cb52de6a
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverableKeyStoreDbTest.java
|
b719546cada471f58880b4e66762c1d31d742df6 |
09-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Rename createSHA256Parameters to createSha256Parameters Fixes the following lint warning: Warning S1: Method names with acronyms should be getMtu() instead of getMTU() Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: If9eb03e2a2a63fe02a2da4828bd0c5c8997078b9
ecoverableKeyStoreManagerTest.java
|
07c765553da1224876cd55b91e260b240025bc6e |
09-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Use String instead of byte[] to represent alias in KeyEntryRecoveryData. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Iac74fe856b43faa602ea1c2d9172f669826f4011
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
|
5daccec818ffc26fafb795b17d5b1f76fbce3a60 |
06-Jan-2018 |
Robert Berry <robertberry@google.com> |
Add API to remove recoverable keys Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ib69e730467974d34ffe4a700bd6aaf4543a524ae
ecoverableKeyStoreManagerTest.java
torage/RecoverableKeyStoreDbTest.java
|
def7ffdb054777b792e23e96b2eee1010d1404f2 |
05-Jan-2018 |
Bo Zhu <bozhu@google.com> |
Check the public key bytes of veriferPublicKey matche the ones in vaultParams Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Iac26de202be88c8328619b03dd59ab742aa7e4c3
ecoverableKeyStoreManagerTest.java
|
3462c832d1acccca3cdd541dea86442eb81536ab |
05-Jan-2018 |
Bo Zhu <bozhu@google.com> |
Refactor PlatformKeyManger to remove mUserId to fix two tests that fail on clean devices without secure screenlocks The mUserId is removed to allow a mocked PlatformKeyManager to be passed into RecoverableKeyStoreManager for tests. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I9b1fda3c7d869b683cd71cb81ea88da5d995ace9
eySyncTaskTest.java
latformKeyManagerTest.java
ecoverableKeyStoreManagerTest.java
|
1429831ac86ad48b3ea7cb39f7c1234d9272dc0b |
05-Jan-2018 |
Dmitry Dementyev <dementyev@google.com> |
Remove unused userId parameter from RecoverableKeyStoreManager. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ibf09724839cbdbf7172462ce0368278c7e65155f
ecoverableKeyStoreManagerTest.java
|
328f0b849e06f3eb0d007ce441a734c36e6f668f |
04-Jan-2018 |
Bo Zhu <bozhu@google.com> |
Use the same VaultParams encoding as the server side Change-Id: I99887f2e52c24726b40fa4cfedc0a1854490160f Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
eySyncUtilsTest.java
|
b811553c4c6661599fa30910a49b8b54279e12be |
02-Jan-2018 |
Robert Berry <robertberry@google.com> |
Fix bug where PlatformKeyManager did not save generation ID This caused a new platform key to be repeatedly generated. Also fix an issue where you had to have the RECOVER_KEYSTORE permission to check the status of your own keys. This does not make sense. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I51aa4e1fe1a96b79bb9b6ae249d29311808134f1
latformKeyManagerTest.java
|
94ea4e4caf0c41042df288b6fcdade01c0ce3430 |
28-Dec-2017 |
Robert Berry <robertberry@google.com> |
Encode vault params in key sync task Still not sure how we're getting counter_id here, though? Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ic473fff4a19c1d044a6381a1459eca0835a55697
eySyncTaskTest.java
eySyncUtilsTest.java
|
aa3f4cad33c7143679d54938aae7a37749d7f035 |
27-Dec-2017 |
Robert Berry <robertberry@google.com> |
Hook up using initialized public key in KeySyncTask Not sure if this is correct, PTAL. We won't have a specific uid when the phone is unlocked, only the userId. Should the public key be uid-specific or just userId-specific? Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ic2ec442c8a283e747542fafa9d7b0462aa185532
eySyncTaskTest.java
torage/RecoverableKeyStoreDbTest.java
|
bdfdf53d08618ed34358b6ba66e1893bd35a4623 |
27-Dec-2017 |
Dmitry Dementyev <dementyev@google.com> |
Implement RecoverableKeyStore API to set/get recovery secret types. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: If29f22f24438a9d050fabebf970b9ae56b0df805
ecoverableKeyStoreManagerTest.java
torage/RecoverableKeyStoreDbTest.java
|
9104404408cbead4a2faedd96d5bab3fa050751a |
27-Dec-2017 |
Robert Berry <robertberry@google.com> |
Trigger recovery agent PendingIntent in KeySyncTask Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Iafae3ff7da9bdc9e986cd19cde72170f9f438180
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
ecoverySnapshotListenersStorageTest.java
torage/RecoverableKeyStoreDbTest.java
|
23ee77035d0bd7dc9e9894b9048bfc156034bc98 |
27-Dec-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add storage for snapshots in KeySyncTask"
|
bd086f1963f13d13a03928f41b9b7979bebffa26 |
27-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add storage for snapshots in KeySyncTask Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I25a9d6999bec5639cc91532da1b42a8d1f911b79
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
torage/RecoverySnapshotStorageTest.java
|
3ae5bea99971ab1ea36189df7cba99ee6cbe7abc |
27-Dec-2017 |
Robert Berry <robertberry@google.com> |
Fix broken generateAndStoreKey tests Sorry, this was my fault. I thought I'd run them but obviously not. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ic45d59774e0aced17ef205559b2791ba7f26eabe
ecoverableKeyStoreManagerTest.java
|
584b923fb7d92a735209ec30b2c5e7d4b8e673eb |
23-Dec-2017 |
Bo Zhu <bozhu@google.com> |
Write the integer given by setServerParameters() into SQLite DB Change-Id: Icd8b40154560c600757d51ed4620d39fc07e494c Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
latformKeyManagerTest.java
torage/RecoverableKeyStoreDbTest.java
|
8cb41716331be6e7d3786bafc39d586b53016410 |
22-Dec-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add key encryption to KeySyncTask"
|
5b81fa66e8efc2b8ed54973a5f1b1bbd6d7a7b3e |
21-Dec-2017 |
Bo Zhu <bozhu@google.com> |
Implement the DB table to store the recovery service's public key Change-Id: Ic80469dd0a199aa45d353ee07d712310047fd428 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
torage/RecoverableKeyStoreDbTest.java
|
14cddc465bcda7ba1ae2f97ada23c82a507abdf4 |
22-Dec-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Implement generateAndStoreKey"
|
cfc990a49ddc00f3ca972b463c6475d7d5ac7b41 |
22-Dec-2017 |
Robert Berry <robertberry@google.com> |
Implement generateAndStoreKey For now just returns raw key material. In the future we will need to change this to use the KeyStore move api. (Once that has been implemented.) Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I8aee4da81f0f853503f570dae8d74e1d29f124cc
ecoverableKeyGeneratorTest.java
ecoverableKeyStoreManagerTest.java
|
f0a4bea6b242d7673053bfd43f932e9a464ac9e0 |
22-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add key encryption to KeySyncTask This mostly completes the task. Still some TODOs around constructing the vault metadata correctly, and exactly what the Intent should look like. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ibf5705830f577597f0cc2afdd906f6517e426d01
eySyncTaskTest.java
|
bd4c43c686d2d2bb36e25f07b19aa5adfac21301 |
22-Dec-2017 |
Robert Berry <robertberry@google.com> |
Update recoverKeys to return raw material This is a temporary solution, while the KeyStore team works on adding a move API to KeyStore. (At which point this will be updated to instead return 'move tokens', allowing the user to move the key from the system's keystore to their own, without ever seeing the raw material.) Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2241a6da15d50c26a7b384d4e5b6f78366fb9300
ecoverableKeyStoreManagerTest.java
|
ad88471920085d87f377f4e00330f5f25e3ead80 |
20-Dec-2017 |
Dmitry Dementyev <dementyev@google.com> |
Implement API to store and retrieve recovery status. Currently recovery agents can set/get statuses only for their own keys. Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I5cb70ce139ca29c066d46d0bd4d2967bd3c30843
ecoverableKeyStoreManagerTest.java
torage/RecoverableKeyStoreDbTest.java
|
3b17c63f698fb09fb14f457053edb2db186fea9a |
22-Dec-2017 |
Dmitry Dementyev <dementyev@google.com> |
Implement RecoverableKeyStoreLoader.setSnapshotCreatedPendingIntent Bug: 66499222 Test: adb shell am instrument -w -e package \ com.android.server.locksettings.recoverablekeystore \ com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I45905a2594ae5b4a681f15e78a7f63293c8fb4d5
ecoverableKeyStoreManagerTest.java
|
b9a220b9b50ef8d0e19d619721209233b3253c2c |
21-Dec-2017 |
Robert Berry <robertberry@google.com> |
Implement recoverKeys This implements all of recoverKeys, except for loading keys into the AndroidKeyStore. Also omitting re-enrolling keys into the recoverable store for now, as it is not clear whether the user will have a lock screen set at this point. If they do not have a lock screen set, we cannot re-enroll keys, as the platform-decrypt key is bound to the lock screen. Also modifies SecureBox to throw AEADBadTagException for any issues with the encrypted payload. IllegalArgumentException is a runtime exception, so would be unexpected, but might occur if the encrypted payload is for some reason garbage. Also, throw NPE if the payload is null, as that is a programmer error - not something that should ever occur at runtime. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I4f0be412c3044f3472a6aed514f1caf54b7ee41f
eySyncUtilsTest.java
ecoverableKeyStoreManagerTest.java
ecureBoxTest.java
torage/RecoverySessionStorageTest.java
|
5bbc3eeb8b4f261ac93a8cee9c87c8aca5a5dde2 |
22-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Add KeySyncTask"
|
4a534ecdd326db6557ac5fc275c11e091c306a44 |
21-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add KeySyncTask We should be doing all syncing on another thread, so as not to slow down screen unlock. This is an initial skeleton implementation that does nothing. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I43ebe3f026cbba62985a464b6c0e0a9151448a51
eySyncTaskTest.java
ecoverableKeyStoreManagerTest.java
|
b7c06ea06a7d18d02becb100958d47c9d96369b5 |
21-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add userId to RecoverableKeyStoreDb We need to store the userId (i.e., the uid of the *profile*, not the app), as well as the app uid. This is because when the screen is unlocked, the unlock is associated with a specific user profile, not a specific app. So at that point we need to look up all keys that are pending sync for that *user*, and upload them to the remote storage. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I6c456cca8974f5e1a15dfde6e9dd4e6bf4c16065
ecoverableKeyGeneratorTest.java
torage/RecoverableKeyStoreDbTest.java
|
24721ea0f744e0271f005d057e7972a965544485 |
21-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Add tests for KeySyncUtils now that SecureBox is available"
|
e16fa98a9e3714504aa0b2e73bbda88db02dfae8 |
20-Dec-2017 |
Robert Berry <robertberry@google.com> |
Implement startRecoverySession Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I25e99f6014ef5e831420367040de7e1a80f134f0
ecoverableKeyStoreManagerTest.java
torage/RecoverySessionStorageTest.java
|
5d50100e1579be4126672b9c087168091e9d83cc |
20-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Use RecoverableKeyStoreDb in RecoverableKeyGenerator"
|
6c1ee5243772d307606aff0e00d5b77455a8212b |
20-Dec-2017 |
Robert Berry <robertberry@google.com> |
Back PlatformKeyManager with database It was previously using SharedPreferences Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I76a75edb93a3feca645e49162c0d8b3e9485385b
latformKeyManagerTest.java
|
cbd4b2f46fda2cd2ea81b60e341ea64dab1d8b9d |
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add tests for KeySyncUtils now that SecureBox is available SecureBox is to be merged before this. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I40f783c165faa595c8913ff073915726ae71524d
eySyncUtilsTest.java
|
a244b2ed034d778b5cb1a42755b209850b31c7b2 |
19-Dec-2017 |
Robert Berry <robertberry@google.com> |
Use RecoverableKeyStoreDb in RecoverableKeyGenerator This removes the layer of abstraction provided by RecoverableKeyStorage, as it doesn't seem particularly useful, given how easy it is to just use the real classes in tests. This also hooks up actually saving to the database. I've modified the class so that you can have a single instance for generating keys and just pass the 'uid' through, rather than having to create a new instance per uid. I think this will simplify its use. Also it no longer returns the key handle. As you can just get it out of the AndroidKeyStore yourself, it doesn't seem useful to have the method also do that. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ice144a84690150648cbb5da64c8a4cecc2576349
ecoverableKeyGeneratorTest.java
ecoverableKeyStorageImplTest.java
|
8226fd9e7d9bbf2b9d3f2293e788628ef229b136 |
20-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Add storage for platform key IDs to SQLite db"
|
c69d8097e5fb63de6ff66f252012506bd5406c7c |
19-Dec-2017 |
Bo Zhu <bozhu@google.com> |
Implement the SecureBox crypto functions SecureBox provides a set of simple interfaces for performing encryptions and decryptions, by using a public key owned by the recipient and/or a secret shared by the sender and the recipient. Bug: 69056040 Change-Id: I45abd7ec5d6f1fd6f6e3ad6d84352958dd838dd7 Fixes: 69056040 Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
ecureBoxTest.java
|
bc08840440d5121035244d8fd45a857becf3b7bb |
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add storage for platform key IDs to SQLite db Also fix UNIQUE constraint for keys table and add test. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I868cc4385b6557135ef1d40b39f23c0383453ca3
torage/RecoverableKeyStoreDbTest.java
|
a9fae14c3345aa91721dfbb54dee8d7572a81ba8 |
11-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add PlatformKeyManager helper for RecoverableKeyStoreLoader Manages generating the platform key and then loading it into AndroidKeyStore with different permissions for 'decrypt' and 'encrypt'. Encrypt should be always available, so as to enable us to generate application keys at any time, and be able to sync them wrapped with the platform key to disk. Decrypt should only be available shortly after a screen unlock - i.e., so that we can unwrap the keys persisted to disk, then rewrap them with the recovery key and sync them to the remote storage. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I7575ea1c3c78d5544ef763324ac47dffb3993b55
latformKeyManagerTest.java
|
67b228c4ee0d0f936e2bdeb4aebb8ad052bf432b |
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add PlatformEncryptionKey (again) Version 2 of this. The other change had to be reverted due to breaking the build. This is almost identical, just with some additional fixes for the database api. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I02928a9351739673bdffec55013c6ee7789edc1c
ecoverableKeyGeneratorTest.java
rappedKeyTest.java
torage/RecoverableKeyStoreDbTest.java
|
53b2d749240f8c689b04155a960b75c40c00aba8 |
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Revert "Add platform key generation ID to WrappedKey instances""
|
fd58c9bca2e84c6384ff2248c94bc0da801495f7 |
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Revert "Add platform key generation ID to WrappedKey instances" This reverts commit 9fa18c621e82d4a6e2b647fc3268ddc89e64b73c. Reason for revert: broke the build, sorry Change-Id: I6425160e9ac565664e25ee5c92ce1a5813dd4c28
ecoverableKeyGeneratorTest.java
rappedKeyTest.java
|
fa44a6714e24fc4023120e9e96ce8144c3de7387 |
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Add RecoverableKeyStoreDb"
|
01232ca55c7b911b4aa1db582014e67dc407e70c |
18-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Add recovery flow utils to KeySyncUtils"
|
76cf0831e030e42ffc0ffa24abd58350eea046e9 |
16-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add RecoverableKeyStoreDb Adds database for storing recoverable keys. They are indexed by the uid of the application that created them, and the alias of the key. This is the same alias that is used to get the key from AndroidKeyStore. The database stores the wrapped key, and the version of the platform key that did the wrapping. It also stores information about when the key was last synced. This is used to get the status of the key. e.g., if the platform key id is not the current platform key id, this is now an unsyncable key. If the last-synced time is not set, this is a valid key but one that has not yet been synced. etc., etc. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I4960452abcdd16c9f39a1f166a086a52dd2f05c0
torage/RecoverableKeyStoreDbTest.java
|
235dc9da69049e9910febf664df3908363efbc42 |
15-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add recovery flow utils to KeySyncUtils Currently KeySyncUtils only contains methods for the backup to cloud flow. This adds utility methods for the restore flow, also. We still haven't merged SecureBox, so the class they defer to at the moment throws for most of these methods, meaning we can't yet add meaningful unit tests. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I27fe8b33dd239488b11f2863b67af4575fa82b47
eySyncUtilsTest.java
|
9fa18c621e82d4a6e2b647fc3268ddc89e64b73c |
14-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add platform key generation ID to WrappedKey instances This is so that when we persist them, we can tell that they were wrapped with a specific version of the platform key. This will be useful for us to provide error messages to the users of recoverable keys. (i.e., in the case where the user had an application key that was wrapped with a platform key that is no longer valid, they MUST rotate key.) Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I91569bcaf23b49d89a9caa9d313d9c93952b620d
ecoverableKeyGeneratorTest.java
rappedKeyTest.java
|
57019387b8caf16e1af33d444d0b955e440af0de |
15-Dec-2017 |
Robert Berry <robertberry@google.com> |
Throw on attempt to unwrap a WrappedKey with old PlatformKey Also brings the decrypt key inline with the representation in ag/3362855. When getting the latest decrypt/encrypt key we will always want to know the generation ID, so that we can either persist that information with the WrappedKey, or check against WrappedKeys we're attempting to decrypt. As such it makes sense to have methods return a class that wraps the key and ID, as they always belong together. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: I2c7e97af9ed87216ff2f133a1e3efd546431ab7e
rappedKeyTest.java
|
09f48f3111a94c6582befbd10e858201b3eb012e |
15-Dec-2017 |
Robert Berry <robertberry@google.com> |
Merge "Implement RecoverableKeyStoreLoader loading keys into users' keystores"
|
d416ed5362125619ca715e1b748a434c04322801 |
13-Dec-2017 |
Robert Berry <robertberry@google.com> |
Add KeySyncUtils Static methods to help with the RecoverableKeyStoreLoader remote sync flow. Test: adb shell am instrument -w -e package com.android.server.locksettings.recoverablekeystore com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner Change-Id: Ibd5a8f6c9ee2d4d118a9e6be9b813e192205d6dc
eySyncUtilsTest.java
rappedKeyTest.java
|
38321c7a29b058b47a3b17a704e7a1543fd6ab8e |
11-Dec-2017 |
Robert Berry <robertberry@google.com> |
Implement RecoverableKeyStoreLoader loading keys into users' keystores The loader needs to be able to save keys into a particular app's keystore. This ought to work as the service will run with root privileges. Test: adb shell am instrument -w -e package android.security.recoverablekeystore com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner Change-Id: I9722df361ccc93cbf2afb73ea09f8c7af687eaff
ecoverableKeyStorageImplTest.java
|
5397d4d574f7a420451c55533b5af26b07e4b207 |
12-Dec-2017 |
Robert Berry <robertberry@google.com> |
Move recoverablekeystore package under services As these helpers will be used by the service, these properly belong there. Test: Unit tests. Change-Id: I4fb4fe2ed52581790421885680473a7b9638f332
ecoverableKeyGeneratorTest.java
rappedKeyTest.java
|