History log of /system/security/keystore/keystore.cpp
Revision Date Author Comments
ee8068b9e7bfb2770635062fc9c2035be2142bd8 07-Oct-2013 Kenny Root <kroot@google.com> Set encrypted flag when appropriate

"generate" and "put" were not setting the encrypted flag in the blob
written to disk. Add setting the flag whenever appropriate for these
functions.

Additionally, the master key should always be encrypted.

Bug: 11113056
Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
/system/security/keystore/keystore.cpp
86b16e8c0d353af97f0411917789308dba417295 09-Sep-2013 Kenny Root <kroot@google.com> Move key name creation to common path

Bug: 10676015
Change-Id: I781e142217959a8a068844b9cb041282b8ae2a74
/system/security/keystore/keystore.cpp
1b0e3933900c7ea21189704d5db64e7346aee7af 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/keystore.cpp
17208e0de5a42722901d803118745cca25fd10c1 04-Sep-2013 Kenny Root <kroot@google.com> Provide fallback for keymaster implementations

Some implementations won't support ECDSA or DSA, so provide a fallback
for them by using the softkeymaster implementation. This will allow us
to universally support ECDSA and DSA on all platforms regardless of HAL
version.

Bug: 10600582
Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
/system/security/keystore/keystore.cpp
96427baf0094d50047049d329b0779c3c910402c 16-Aug-2013 Kenny Root <kroot@google.com> Add support for DSA and ECDSA key types

(cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d)

Bug: 10600582
Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/keystore.cpp
a77e809ecff5190790906fb7a3c527259c735071 14-Jun-2013 Douglas Leung <douglas@mips.com> Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips.

Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029
Signed-off-by: Douglas Leung <douglas@mips.com>
/system/security/keystore/keystore.cpp
60898896c3f3b2245d10076cac64346c956dbaa5 17-Apr-2013 Kenny Root <kroot@google.com> keystore: fix import as other UIDs

The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.

(cherry picked from commit 360f51f7af191316cd739f229db1c5f7233be063)

Bug: 8634328
Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
/system/security/keystore/keystore.cpp
f9119d6414f43ef669d64e9e53feb043eda49cf3 03-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs starts to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

(cherry picked from commit 0c540aad5915e6aa34345049be96f28b64d0e84c)

Bug: 8122243
Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
/system/security/keystore/keystore.cpp
5f53124250025d3113c9c598a2f101330144b10c 12-Apr-2013 Kenny Root <kroot@google.com> keystore: fix bug in clear_uid

(cherry picked from commit aae26fc0e58c99ac8e0df69b913523e81fa15d66)

Bug: 8566369
Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
/system/security/keystore/keystore.cpp
655b958eb2180c7c06889f83f606d23421bf038c 04-Apr-2013 Kenny Root <kroot@google.com> keystore: Add multi-user support

Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.

Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.

Bug: 7249554
Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
/system/security/keystore/keystore.cpp
483407eaca108d3717bb49770915d6d95d5d0e0c 05-Apr-2013 Kenny Root <kroot@google.com> keystore: fix inverted hardware keystore check

Check should be that the 'is_software' flag is off.

Change-Id: Ic03ef957f6aa62b959b24fe8e4ff202f431aab89
/system/security/keystore/keystore.cpp
ff620c25d1af495c74cdeb4e5a652adf6858cf88 04-Apr-2013 Kenny Root <kroot@google.com> Fix CL split and build

Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
/system/security/keystore/keystore.cpp
cfeae072c96d84f286ddbf0aff8055c12c7c4f15 04-Apr-2013 Kenny Root <kroot@google.com> keystore: fix upgrades

During an upgrade, a blob would be written out to disk. Whenever a blob
is written to disk, it is encrypted in-place. After upgrade, keystore
would attempt to use the blob, but get garbage instead of what it
expected since it was encrypted.

This moves the work of writing up a level so it can then re-read the
blob after upgrade.

Bug: 7249554
Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
/system/security/keystore/keystore.cpp
a9bb549868035e05450a9b918f8d7de9deca5343 02-Apr-2013 Kenny Root <kroot@google.com> keystore: command to clear all keys for UID

Add ability for system UID to clear all entries for a different UID.

Bug: 3020069
Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
/system/security/keystore/keystore.cpp
8ddf35a6e1fd80a7d0685041d2bfc77078277c9d 29-Mar-2013 Kenny Root <kroot@google.com> keystore: add API to query storage type

Add an API to query the HAL to see what kind of storage it reports the
device is.

Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca
/system/security/keystore/keystore.cpp
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf 21-Mar-2013 Kenny Root <kroot@google.com> keystore: change migrate to duplicate

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.

Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/keystore.cpp
0225407783ee339164a0cd8ca5ef04c99d27c59a 20-Mar-2013 Kenny Root <kroot@google.com> keystore: add "migrate" command

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.

Bug: 8122243
Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/keystore.cpp
494689083467ec372a58f094f041c8f102f39393 19-Mar-2013 Kenny Root <kroot@google.com> keystore: allow system UID to WiFi or VPN

Previously we redirected all calls from the wifi or vpn UIDs to the
system UID's namespace. This switches the paradigm to allow system to
write into wifi and vpn UID keystore spaces instead.

Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
/system/security/keystore/keystore.cpp
9d45d1caba5135e6b8bd6d05d449e8dcf52b6802 14-Feb-2013 Kenny Root <kroot@google.com> keystore: Check for unlock, not for specific state

Most callers only care if the keystore is unlocked for use and not
whether it's in a specific state. Change this now so we can change the
states later.

Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
/system/security/keystore/keystore.cpp
b88c3eb96625513df4cc998d739d17266ebaf89f 13-Feb-2013 Kenny Root <kroot@google.com> keystore: add UID to certain APIs

This will allow explicit indication of which UID to put things under for
trusted UIDs (e.g., system UID) in a future change instead of putting
things only in the calling UID.

Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/keystore.cpp
d38a0b07a3104fcb1e747a0fa06641dee8fc058f 13-Feb-2013 Kenny Root <kroot@google.com> keystore: rename uid to callingUid

Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
/system/security/keystore/keystore.cpp
70c9889c5ca912e7c492580e1999f18ab65b267b 07-Feb-2013 Kenny Root <kroot@google.com> Remove Value and ValueString classes

This was left-over from previous changes and nothing really used it any
more.

Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26
/system/security/keystore/keystore.cpp
36a9e231e03734cd2143383d26388455c1764e17 04-Feb-2013 Kenny Root <kroot@google.com> Fix mtime via Binder

Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f
/system/security/keystore/keystore.cpp
5281edbc9445065479e92a6c86da462f3943c2ca 22-Nov-2012 Kenny Root <kroot@google.com> Actually terminate on EOF

Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4
/system/security/keystore/keystore.cpp
150ca934edb745de3666a6492b039900df228ff0 14-Nov-2012 Kenny Root <kroot@google.com> EINTR handling and debugging for error cases

Some interruptible syscalls were not wrapped with TEMP_FAILURE_RETRY
while others were. Add them where necessary.

Additionally, some error cases were not logging any messages so things
would mysteriously fail if there was an underlying filesystem problem.

Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
/system/security/keystore/keystore.cpp
07438c8d7256d3788dac323b4d0055f201e0bec9 02-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/keystore.cpp
c3cb851b5028011d7bdd0afbfbd7d9d62c2d8997 14-Sep-2012 Pavel Chupin <pavel.v.chupin@intel.com> Add casts to avoid build warnings with gcc-4.7

Example:
keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]'
from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}'

Change-Id: I8cd239880821724050d1716b78851807e0246ef2
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
/system/security/keystore/keystore.cpp
344e0bc23ca46b9acec97ac8bcd87949bde0ccab 15-Aug-2012 Kenny Root <kroot@google.com> Add getmtime command for keys

This allows you to check when a key was last modified.

Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d
/system/security/keystore/keystore.cpp
9a53d3eaf42104ddf02feeccec3cf7f5c1a34bae 14-Aug-2012 Kenny Root <kroot@google.com> keymaster HAL users don't need delete_keypair

The keymaster HAL implementations don't need the delete_keypair method,
but keystore currently throws an error when it's not implemented. This
causes problems with at least the OpenSSL software implementation.

Bug: 6985351
Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8
/system/security/keystore/keystore.cpp
a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1 17-Jul-2012 Brian Carlstrom <bdc@google.com> Handle keynames with special characters such as - and .

Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950

(cherry-picked from 0114bd9f9bbc2458ca77bf3508e7c15992a432b1)

Change-Id: I0c265fe73c1b2c430ffd196a21691264f8f3b555
/system/security/keystore/keystore.cpp
e95ce35d10d6e0a7315a57f30d9c88d89880a4e1 07-Apr-2012 Amith Yamasani <yamasani@google.com> Allow calls from secondary user Settings app.

This is so that Face Unlock can be a valid option for a lockscreen.
Otherwise get a PERMISSION_DENIED when uid = 101000.

Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e
/system/security/keystore/keystore.cpp
da1ed9ab99c00698af64ec655ff668efffe2960d 10-Apr-2012 Kenny Root <kroot@google.com> Turn on extra compiler checks

Turn on the compiler flags -Wall -Wextra -Werror to make sure no
compiler warnings are added to the project.

Eliminate all unused arguments. Remove unused variables in code.

Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c
/system/security/keystore/keystore.cpp
822c3a99d930e9299e2fad2fb3e0ff91b119b95a 24-Mar-2012 Kenny Root <kroot@google.com> Add support for upgrading key types

Old key types were not distinguished by the keystore itself. This change
takes some of the reserved fields in the old format and changes them to a
version number and key type.

Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996
/system/security/keystore/keystore.cpp
298e7b1b0f9116e2054d594d7538379d86585035 26-Mar-2012 Kenny Root <kroot@google.com> Add keymaster delete_all call on reset

To allow efficient deletion by hardware keymaster modules, add a direct
delete_all call when keystore is reset. This will also probably fix
problems where the hardware keymaster gets more keys than keystore knows
about and fills up its storage.

Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
/system/security/keystore/keystore.cpp
70e3a86abd2c412d602a018967c01c177eb6cf4e 16-Feb-2012 Kenny Root <kroot@google.com> Add keymaster to keystore with soft implementation

Add hardware crypto capabilities to keystore. This allows hardware
escrow of private key material.

There is also an OpenSSL engine that connects to keystore to allow use
of the keystore keys from native code built into the platform.

This includes a software implementation of keymaster using OpenSSL
as the backend. This is just as insecure as the previous solution,
but it's needed so devices without hardware support can continue
to operate in the new scheme without a lot of compatibility code.

Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f
/system/security/keystore/keystore.cpp
5187818895c4c5f650a611c40531b1dff7764c18 13-Mar-2012 Kenny Root <kroot@google.com> keystore_client shared library

Add a libkeystore_client.so library for clients to use.

Add const-correctness to the keystore.cpp classes.

Increase maximum arguments for future work.

Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2
/system/security/keystore/keystore.cpp
a91203b08350b2fc7efda5b1eab39e7541476b3a 16-Feb-2012 Kenny Root <kroot@google.com> Move keystore from frameworks/base

Move keystore from frameworks/base at commit
57ff581bd9b16a192a567f84d0e0a5c82d866343

Change-Id: I1e62488d63810f14e40ffb3d192925ff4eeb8906
/system/security/keystore/keystore.cpp