ee8068b9e7bfb2770635062fc9c2035be2142bd8 |
|
07-Oct-2013 |
Kenny Root <kroot@google.com> |
Set encrypted flag when appropriate "generate" and "put" were not setting the encrypted flag in the blob written to disk. Add setting the flag whenever appropriate for these functions. Additinally, the master key should always be encrypted. Bug: 11113056 Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
/system/security/keystore/keystore.cpp
|
86b16e8c0d353af97f0411917789308dba417295 |
|
09-Sep-2013 |
Kenny Root <kroot@google.com> |
Move key name creation to common path Bug: 10676015 Change-Id: I781e142217959a8a068844b9cb041282b8ae2a74
/system/security/keystore/keystore.cpp
|
1b0e3933900c7ea21189704d5db64e7346aee7af |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. Bug: 10600582 Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/keystore.cpp
|
17208e0de5a42722901d803118745cca25fd10c1 |
|
04-Sep-2013 |
Kenny Root <kroot@google.com> |
Provide fallback for keymaster implementations Some implementations won't support ECDSA or DSA, so provide a fallback for them by using the softkeymaster implementation. This will allow us to universally support ECDSA and DSA on all platforms regardless of HAL version. Bug: 10600582 Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
/system/security/keystore/keystore.cpp
|
96427baf0094d50047049d329b0779c3c910402c |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types (cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d) Bug: 10600582 Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/keystore.cpp
|
a77e809ecff5190790906fb7a3c527259c735071 |
|
14-Jun-2013 |
Douglas Leung <douglas@mips.com> |
Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips. Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029 Signed-off-by: Douglas Leung <douglas@mips.com>
/system/security/keystore/keystore.cpp
|
60898896c3f3b2245d10076cac64346c956dbaa5 |
|
17-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix import as other UIDs The targetUid was not being used as the user to store the key as, so it was ending up under the calling UID. This change matches the code for insert and generate now. (cherry picked from commit 360f51f7af191316cd739f229db1c5f7233be063) Bug: 8634328 Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
/system/security/keystore/keystore.cpp
|
f9119d6414f43ef669d64e9e53feb043eda49cf3 |
|
03-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs start to make less sense since the thing it's encrypting is usually a token and not any raw key material. (cherry picked from commit 0c540aad5915e6aa34345049be96f28b64d0e84c) Bug: 8122243 Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
/system/security/keystore/keystore.cpp
|
5f53124250025d3113c9c598a2f101330144b10c |
|
12-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix bug in clear_uid (cherry picked from commit aae26fc0e58c99ac8e0df69b913523e81fa15d66) Bug: 8566369 Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
/system/security/keystore/keystore.cpp
|
655b958eb2180c7c06889f83f606d23421bf038c |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add multi-user support Split the directories out per-user. Each Android user ID gets its own directory and master key. This gives each user its own locked/unlocked state. Add migration code that converts existing keystores to this scheme. This even migrates keys that used the non-public API, but only for the primary user. The secondary users may have a different lock screen pattern that would no longer work to unlock the master key. Bug: 7249554 Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
/system/security/keystore/keystore.cpp
|
483407eaca108d3717bb49770915d6d95d5d0e0c |
|
05-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix inverted hardware keystore check Check should be that the 'is_software' flag is off. Change-Id: Ic03ef957f6aa62b959b24fe8e4ff202f431aab89
/system/security/keystore/keystore.cpp
|
ff620c25d1af495c74cdeb4e5a652adf6858cf88 |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
Fix CL split and build Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
/system/security/keystore/keystore.cpp
|
cfeae072c96d84f286ddbf0aff8055c12c7c4f15 |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix upgrades During an upgrade, a blob would be written out to disk. Whenever a blob is written to disk, it is encrypted in-place. After upgrade, keystore would attempt to use the blob, but get garbage instead of what it expected since it was encrypted. This moves the work of writing up a level so it can then re-read the blob after upgrade. Bug: 7249554 Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
/system/security/keystore/keystore.cpp
|
a9bb549868035e05450a9b918f8d7de9deca5343 |
|
02-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: command to clear all keys for UID Add ability for system UID to clear all entries for a different UID. Bug: 3020069 Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
/system/security/keystore/keystore.cpp
|
8ddf35a6e1fd80a7d0685041d2bfc77078277c9d |
|
29-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add API to query storage type Add an API to query the HAL to see what kind of storage it reports the device is. Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca
/system/security/keystore/keystore.cpp
|
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf |
|
21-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: change migrate to duplicate After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model. Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/keystore.cpp
|
0225407783ee339164a0cd8ca5ef04c99d27c59a |
|
20-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add "migrate" command To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration. Bug: 8122243 Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/keystore.cpp
|
494689083467ec372a58f094f041c8f102f39393 |
|
19-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: allow system UID to WiFi or VPN Previously we redirected all calls from the wifi or vpn UIDs to the system UID's namespace. This switches the paradigm to allow system to write into wifi and vpn UID keystore spaces instead. Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
/system/security/keystore/keystore.cpp
|
9d45d1caba5135e6b8bd6d05d449e8dcf52b6802 |
|
14-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: Check for unlock, not for specific state Most callers only care if the keystore is unlocked for use and not whether it's in a specific state. Change this now so we can change the states later. Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
/system/security/keystore/keystore.cpp
|
b88c3eb96625513df4cc998d739d17266ebaf89f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: add UID to certain APIs This will allow explicit indication of which UID to put things under for trusted UIDs (e.g., system UID) in a future change instead of putting things only in the calling UID. Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/keystore.cpp
|
d38a0b07a3104fcb1e747a0fa06641dee8fc058f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: rename uid to callingUid Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
/system/security/keystore/keystore.cpp
|
70c9889c5ca912e7c492580e1999f18ab65b267b |
|
07-Feb-2013 |
Kenny Root <kroot@google.com> |
Remove Value and ValueString classes This was left-over from previous changes and nothing really used it any more. Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26
/system/security/keystore/keystore.cpp
|
36a9e231e03734cd2143383d26388455c1764e17 |
|
04-Feb-2013 |
Kenny Root <kroot@google.com> |
Fix mtime via Binder Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f
/system/security/keystore/keystore.cpp
|
5281edbc9445065479e92a6c86da462f3943c2ca |
|
22-Nov-2012 |
Kenny Root <kroot@google.com> |
Actually terminate on EOF Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4
/system/security/keystore/keystore.cpp
|
150ca934edb745de3666a6492b039900df228ff0 |
|
14-Nov-2012 |
Kenny Root <kroot@google.com> |
EINTR handling and debugging for error cases Some interruptable syscalls were not wrapped with TEMP_FAILURE_RETRY while others were. Add them where necessary. Additionally, some error cases were not logging any messages so things would mysteriously fail if there was an underlying filesystem problem. Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
/system/security/keystore/keystore.cpp
|
07438c8d7256d3788dac323b4d0055f201e0bec9 |
|
02-Nov-2012 |
Kenny Root <kroot@google.com> |
Switch keystore to binder Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/keystore.cpp
|
c3cb851b5028011d7bdd0afbfbd7d9d62c2d8997 |
|
14-Sep-2012 |
Pavel Chupin <pavel.v.chupin@intel.com> |
Add casts to avoid build warnings with gcc-4.7 Example: keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]' from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}' Change-Id: I8cd239880821724050d1716b78851807e0246ef2 Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
/system/security/keystore/keystore.cpp
|
344e0bc23ca46b9acec97ac8bcd87949bde0ccab |
|
15-Aug-2012 |
Kenny Root <kroot@google.com> |
Add getmtime command for keys This allows you to check when a key was last modified. Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d
/system/security/keystore/keystore.cpp
|
9a53d3eaf42104ddf02feeccec3cf7f5c1a34bae |
|
14-Aug-2012 |
Kenny Root <kroot@google.com> |
keymaster HAL users don't need delete_keypair The keymaster HAL implementations don't need the delete_keypair method, but keystore currently throws an error when it's not implemented. This causes problems with at least the OpenSSL software implementation. Bug: 6985351 Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8
/system/security/keystore/keystore.cpp
|
a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1 |
|
17-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Handle keynames with special characters such as - and . Bug: http://code.google.com/p/android/issues/detail?id=34577 Bug: 6837950 (cherry-picked from 0114bd9f9bbc2458ca77bf3508e7c15992a432b1) Change-Id: I0c265fe73c1b2c430ffd196a21691264f8f3b555
/system/security/keystore/keystore.cpp
|
e95ce35d10d6e0a7315a57f30d9c88d89880a4e1 |
|
07-Apr-2012 |
Amith Yamasani <yamasani@google.com> |
Allow calls from secondary user Settings app. This is so that Face Unlock can be a valid option for a lockscreen. Otherwise get a PERMISSION_DENIED when uid = 101000. Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e
/system/security/keystore/keystore.cpp
|
da1ed9ab99c00698af64ec655ff668efffe2960d |
|
10-Apr-2012 |
Kenny Root <kroot@google.com> |
Turn on extra compiler checks Turn on the compiler flags -Wall -Wextra -Werror to make sure no compiler warnings are added to the project. Eliminate all unused arguments. Remove unused variables in code. Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c
/system/security/keystore/keystore.cpp
|
822c3a99d930e9299e2fad2fb3e0ff91b119b95a |
|
24-Mar-2012 |
Kenny Root <kroot@google.com> |
Add support for upgrading key types Old key types were not distinguished by the keystore itself. This change takes some of the reserved fields in the old format and changes it to a version number and key type. Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996
/system/security/keystore/keystore.cpp
|
298e7b1b0f9116e2054d594d7538379d86585035 |
|
26-Mar-2012 |
Kenny Root <kroot@google.com> |
Add keymaster delete_all call on reset To allow efficient deletion by hardware keymaster modules, add a direct delete_all call when keystore is reset. This will also probably fix problems where the hardware keymaster gets more keys than keystore knows about and fills up its storage. Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
/system/security/keystore/keystore.cpp
|
70e3a86abd2c412d602a018967c01c177eb6cf4e |
|
16-Feb-2012 |
Kenny Root <kroot@google.com> |
Add keymaster to keystore with soft implementation Add hardware crypto capabilities to keystore. This allows hardware escrow of private key material. There is also an OpenSSL engine that connects to keystore to allow use of the keystore keys from native code built into the platform. This includes a software implementation of keymaster using OpenSSL as the backend. This is just as insecure as the previous solution, but it's needed so devices without hardware support can continue to operate in the new scheme without a lot of compatibility code. Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f
/system/security/keystore/keystore.cpp
|
5187818895c4c5f650a611c40531b1dff7764c18 |
|
13-Mar-2012 |
Kenny Root <kroot@google.com> |
keystore_client shared library Add a libkeystore_client.so library for clients to use. Add const-correctness to the keystore.cpp classes. Increase maximum arguments for future work. Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2
/system/security/keystore/keystore.cpp
|
a91203b08350b2fc7efda5b1eab39e7541476b3a |
|
16-Feb-2012 |
Kenny Root <kroot@google.com> |
Move keystore from frameworks/base Move keystore from frameworks/base at commit 57ff581bd9b16a192a567f84d0e0a5c82d866343 Change-Id: I1e62488d63810f14e40ffb3d192925ff4eeb8906
/system/security/keystore/keystore.cpp
|