History log of /system/security/keystore/
Revision Date Author Comments
ee8068b9e7bfb2770635062fc9c2035be2142bd8 07-Oct-2013 Kenny Root <kroot@google.com> Set encrypted flag when appropriate

"generate" and "put" were not setting the encrypted flag in the blob
written to disk. Add setting the flag whenever appropriate for these
functions.

Additionally, the master key should always be encrypted.

Bug: 11113056
Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
eystore.cpp
86b16e8c0d353af97f0411917789308dba417295 09-Sep-2013 Kenny Root <kroot@google.com> Move key name creation to common path

Bug: 10676015
Change-Id: I781e142217959a8a068844b9cb041282b8ae2a74
eystore.cpp
1b0e3933900c7ea21189704d5db64e7346aee7af 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
17208e0de5a42722901d803118745cca25fd10c1 04-Sep-2013 Kenny Root <kroot@google.com> Provide fallback for keymaster implementations

Some implementations won't support ECDSA or DSA, so provide a fallback
for them by using the softkeymaster implementation. This will allow us
to universally support ECDSA and DSA on all platforms regardless of HAL
version.

Bug: 10600582
Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
ndroid.mk
nclude/keystore/keystore.h
eyblob_utils.cpp
eystore.cpp
96427baf0094d50047049d329b0779c3c910402c 16-Aug-2013 Kenny Root <kroot@google.com> Add support for DSA and ECDSA key types

(cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d)

Bug: 10600582
Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
KeystoreService.cpp
efaults.h
nclude/keystore/IKeystoreService.h
eystore.cpp
0fa9b7f8ffa47fee236656ce0a2f03250f86c9dc 24-Jun-2013 Kenny Root <kroot@android.com> am a65d5236: Merge "Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips."

* commit 'a65d5236d0823b5ef72554ffb3ec15ae02596047':
Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips.
a77e809ecff5190790906fb7a3c527259c735071 14-Jun-2013 Douglas Leung <douglas@mips.com> Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips.

Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029
Signed-off-by: Douglas Leung <douglas@mips.com>
eystore.cpp
60898896c3f3b2245d10076cac64346c956dbaa5 17-Apr-2013 Kenny Root <kroot@google.com> keystore: fix import as other UIDs

The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.

(cherry picked from commit 360f51f7af191316cd739f229db1c5f7233be063)

Bug: 8634328
Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
eystore.cpp
360f51f7af191316cd739f229db1c5f7233be063 17-Apr-2013 Kenny Root <kroot@google.com> keystore: fix import as other UIDs

The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.

Bug: 8634328
Change-Id: Iedbbdaa0ac77f3aedb32a719458b5b503a66efd5
eystore.cpp
f9119d6414f43ef669d64e9e53feb043eda49cf3 03-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs starts to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

(cherry picked from commit 0c540aad5915e6aa34345049be96f28b64d0e84c)

Bug: 8122243
Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
nclude/keystore/keystore.h
eystore.cpp
eystore_cli.cpp
5f53124250025d3113c9c598a2f101330144b10c 12-Apr-2013 Kenny Root <kroot@google.com> keystore: fix bug in clear_uid

(cherry picked from commit aae26fc0e58c99ac8e0df69b913523e81fa15d66)

Bug: 8566369
Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
eystore.cpp
5d884972cac7c20b6b1c9ad9148872b07c974e69 13-Apr-2013 Kenny Root <kroot@google.com> Merge "keystore: Add flag for blobs to be unencrypted" into jb-mr2-dev
aae26fc0e58c99ac8e0df69b913523e81fa15d66 12-Apr-2013 Kenny Root <kroot@google.com> keystore: fix bug in clear_uid

Bug: 8566369
Change-Id: I92a37bb709bc491a305cf5b6a5e68b6ac1a8aa24
eystore.cpp
0c540aad5915e6aa34345049be96f28b64d0e84c 03-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs starts to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
nclude/keystore/keystore.h
eystore.cpp
eystore_cli.cpp
a6fe620941f04b55ecefb8f82d866a264cac9b9e 10-Apr-2013 Ying Wang <wangying@google.com> Add liblog

Bug: 8580410
Change-Id: I0d9b208021c35ad37fdbc4518aa6e76d65184c25
ndroid.mk
68b4631982761f3fdad8886fb7bb81defad79363 04-Apr-2013 Kenny Root <kroot@google.com> keystore: Add multi-user support

Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.

Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.

(cherry picked from commit 655b958eb2180c7c06889f83f606d23421bf038c)

Bug: 7249554
Change-Id: Icfc117d9bc68bd88997ab03673fb77b581acf3f7
eystore.cpp
655b958eb2180c7c06889f83f606d23421bf038c 04-Apr-2013 Kenny Root <kroot@google.com> keystore: Add multi-user support

Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.

Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.

Bug: 7249554
Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
eystore.cpp
4d93d24624f270f024b7d4b9d3bf6c11a1e209a6 05-Apr-2013 Kenny Root <kroot@google.com> keystore: fix inverted hardware keystore check

Check should be that the 'is_software' flag is off.

(cherry picked from commit 483407eaca108d3717bb49770915d6d95d5d0e0c)

Change-Id: I031a035beeec581e9af2207ae37c39aa39e3539c
eystore.cpp
483407eaca108d3717bb49770915d6d95d5d0e0c 05-Apr-2013 Kenny Root <kroot@google.com> keystore: fix inverted hardware keystore check

Check should be that the 'is_software' flag is off.

Change-Id: Ic03ef957f6aa62b959b24fe8e4ff202f431aab89
eystore.cpp
2ca3b1b25e8ceb841396061a318d3a043cbfcb54 04-Apr-2013 Kenny Root <kroot@google.com> Fix CL split and build

(cherry picked from commit ff620c25d1af495c74cdeb4e5a652adf6858cf88)

Change-Id: I8cdf964a6ca8ad0206b263dfcab297fd894f6927
eystore.cpp
ff620c25d1af495c74cdeb4e5a652adf6858cf88 04-Apr-2013 Kenny Root <kroot@google.com> Fix CL split and build

Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
eystore.cpp
7a310fbb5815b3c1ad965d58f4976afca2a721c6 04-Apr-2013 Kenny Root <kroot@google.com> keystore: fix upgrades

During an upgrade, a blob would be written out to disk. Whenever a blob
is written to disk, it is encrypted in-place. After upgrade, keystore
would attempt to use the blob, but get garbage instead of what it
expected since it was encrypted.

This moves the work of writing up a level so it can then re-read the
blob after upgrade.

(cherry picked from commit cfeae072c96d84f286ddbf0aff8055c12c7c4f15)

Bug: 7249554
Change-Id: I1be5ecafa6d39fdcce10d9d3623f23440cac8c6e
eystore.cpp
cfeae072c96d84f286ddbf0aff8055c12c7c4f15 04-Apr-2013 Kenny Root <kroot@google.com> keystore: fix upgrades

During an upgrade, a blob would be written out to disk. Whenever a blob
is written to disk, it is encrypted in-place. After upgrade, keystore
would attempt to use the blob, but get garbage instead of what it
expected since it was encrypted.

This moves the work of writing up a level so it can then re-read the
blob after upgrade.

Bug: 7249554
Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
eystore.cpp
2ecc7a1efbb21d86d38b9e0348dfbf0e1213d920 02-Apr-2013 Kenny Root <kroot@google.com> keystore: command to clear all keys for UID

Add ability for system UID to clear all entries for a different UID.

(cherry picked from commit a9bb549868035e05450a9b918f8d7de9deca5343)

Bug: 3020069
Change-Id: Ibd5ce287f024b89df3dd7bfc3a4e5f979a34c75c
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
a9bb549868035e05450a9b918f8d7de9deca5343 02-Apr-2013 Kenny Root <kroot@google.com> keystore: command to clear all keys for UID

Add ability for system UID to clear all entries for a different UID.

Bug: 3020069
Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
4306123e81371bd8bd85f77c2375d29ac53ff771 29-Mar-2013 Kenny Root <kroot@google.com> keystore: add API to query storage type

Add an API to query the HAL to see what kind of storage it reports the
device is.

(cherry picked from commit 8ddf35a6e1fd80a7d0685041d2bfc77078277c9d)

Change-Id: I04a9421053a0b8bbe4f0dd73fefdfdbe4ab4add9
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
8ddf35a6e1fd80a7d0685041d2bfc77078277c9d 29-Mar-2013 Kenny Root <kroot@google.com> keystore: add API to query storage type

Add an API to query the HAL to see what kind of storage it reports the
device is.

Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf 21-Mar-2013 Kenny Root <kroot@google.com> keystore: change migrate to duplicate

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.

Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
0225407783ee339164a0cd8ca5ef04c99d27c59a 20-Mar-2013 Kenny Root <kroot@google.com> keystore: add "migrate" command

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.

Bug: 8122243
Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
494689083467ec372a58f094f041c8f102f39393 19-Mar-2013 Kenny Root <kroot@google.com> keystore: allow system UID to WiFi or VPN

Previously we redirected all calls from the wifi or vpn UIDs to the
system UID's namespace. This switches the paradigm to allow system to
write into wifi and vpn UID keystore spaces instead.

Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
eystore.cpp
9d45d1caba5135e6b8bd6d05d449e8dcf52b6802 14-Feb-2013 Kenny Root <kroot@google.com> keystore: Check for unlock, not for specific state

Most callers only care if the keystore is unlocked for use and not
whether it's in a specific state. Change this now so we can change the
states later.

Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
eystore.cpp
e289c404b9d2735fbd67c42086e33c972b46aa33 14-Feb-2013 Kenny Root <kroot@google.com> KeyStore: return null instead of empty list

During a failure, return a null value instead of an empty list.

Change-Id: I34763c90eb65b0ed6bbe2757310992541feeb1a8
KeystoreService.cpp
b88c3eb96625513df4cc998d739d17266ebaf89f 13-Feb-2013 Kenny Root <kroot@google.com> keystore: add UID to certain APIs

This will allow explicit indication of which UID to put things under for
trusted UIDs (e.g., system UID) in a future change instead of putting
things only in the calling UID.

Change-Id: Ifc321a714d874a1142890138101ce4166906f413
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
eystore.cpp
eystore_cli.cpp
d38a0b07a3104fcb1e747a0fa06641dee8fc058f 13-Feb-2013 Kenny Root <kroot@google.com> keystore: rename uid to callingUid

Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
eystore.cpp
70c9889c5ca912e7c492580e1999f18ab65b267b 07-Feb-2013 Kenny Root <kroot@google.com> Remove Value and ValueString classes

This was left-over from previous changes and nothing really used it any
more.

Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26
eystore.cpp
a806bbd518ff3e67e4d4efb937ff8f23bae18585 05-Feb-2013 Kenny Root <kroot@google.com> Merge "Fix for error condition in IKeystoreService"
b03c9fb5f9c058a8ae0485c986a8ab934ab73eaa 05-Feb-2013 Kenny Root <kroot@google.com> Fix for error condition in IKeystoreService

When an error condition happens, keystore might memcpy a NULL pointer
which would cause a SIGSEGV. Avoid trying to copy it in that case.

Bug: 8019596
Change-Id: Ifcfc75401c41595fc2c2f0172c718c8d3bb93020
KeystoreService.cpp
36a9e231e03734cd2143383d26388455c1764e17 04-Feb-2013 Kenny Root <kroot@google.com> Fix mtime via Binder

Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f
eystore.cpp
5281edbc9445065479e92a6c86da462f3943c2ca 22-Nov-2012 Kenny Root <kroot@google.com> Actually terminate on EOF

Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4
eystore.cpp
6a9cafc30a90b3dfd188212a105ef57c32ed7541 16-Nov-2012 Kenny Root <kroot@google.com> Add Android.mk as a dependency as well

Change-Id: I19e91eb766fcc55e9a610421a67a7c8706fdaa46
ndroid.mk
150ca934edb745de3666a6492b039900df228ff0 14-Nov-2012 Kenny Root <kroot@google.com> EINTR handling and debugging for error cases

Some interruptible syscalls were not wrapped with TEMP_FAILURE_RETRY
while others were. Add them where necessary.

Additionally, some error cases were not logging any messages so things
would mysteriously fail if there was an underlying filesystem problem.

Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
eystore.cpp
07438c8d7256d3788dac323b4d0055f201e0bec9 02-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
ndroid.mk
KeystoreService.cpp
nclude/keystore/IKeystoreService.h
nclude/keystore/keystore.h
nclude/keystore/keystore_get.h
eystore.cpp
eystore.h
eystore_cli.cpp
eystore_client.cpp
eystore_client.h
eystore_get.cpp
eystore_get.h
c3cb851b5028011d7bdd0afbfbd7d9d62c2d8997 14-Sep-2012 Pavel Chupin <pavel.v.chupin@intel.com> Add casts to avoid build warnings with gcc-4.7

Example:
keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]'
from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}'

Change-Id: I8cd239880821724050d1716b78851807e0246ef2
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
eystore.cpp
eystore_client.cpp
344e0bc23ca46b9acec97ac8bcd87949bde0ccab 15-Aug-2012 Kenny Root <kroot@google.com> Add getmtime command for keys

This allows you to check when a key was last modified.

Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d
eystore.cpp
eystore.h
9a53d3eaf42104ddf02feeccec3cf7f5c1a34bae 14-Aug-2012 Kenny Root <kroot@google.com> keymaster HAL users don't need delete_keypair

The keymaster HAL implementations don't need the delete_keypair method,
but keystore currently throws an error when it's not implemented. This
causes problems with at least the OpenSSL software implementation.

Bug: 6985351
Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8
eystore.cpp
a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1 17-Jul-2012 Brian Carlstrom <bdc@google.com> Handle keynames with special characters such as - and .

Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950

(cherry-picked from 0114bd9f9bbc2458ca77bf3508e7c15992a432b1)

Change-Id: I0c265fe73c1b2c430ffd196a21691264f8f3b555
eystore.cpp
e95ce35d10d6e0a7315a57f30d9c88d89880a4e1 07-Apr-2012 Amith Yamasani <yamasani@google.com> Allow calls from secondary user Settings app.

This is so that Face Unlock can be a valid option for a lockscreen.
Otherwise get a PERMISSION_DENIED when uid = 101000.

Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e
eystore.cpp
da1ed9ab99c00698af64ec655ff668efffe2960d 10-Apr-2012 Kenny Root <kroot@google.com> Turn on extra compiler checks

Turn on the compiler flags -Wall -Wextra -Werror to make sure no
compiler warnings are added to the project.

Eliminate all unused arguments. Remove unused variables in code.

Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c
ndroid.mk
eystore.cpp
822c3a99d930e9299e2fad2fb3e0ff91b119b95a 24-Mar-2012 Kenny Root <kroot@google.com> Add support for upgrading key types

Old key types were not distinguished by the keystore itself. This change
takes some of the reserved fields in the old format and changes it to a
version number and key type.

Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996
ndroid.mk
eyblob_utils.cpp
eystore.cpp
eystore.h
298e7b1b0f9116e2054d594d7538379d86585035 26-Mar-2012 Kenny Root <kroot@google.com> Add keymaster delete_all call on reset

To allow efficient deletion by hardware keymaster modules, add a direct
delete_all call when keystore is reset. This will also probably fix
problems where the hardware keymaster gets more keys than keystore knows
about and fills up its storage.

Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
eystore.cpp
70e3a86abd2c412d602a018967c01c177eb6cf4e 16-Feb-2012 Kenny Root <kroot@google.com> Add keymaster to keystore with soft implementation

Add hardware crypto capabilities to keystore. This allows hardware
escrow of private key material.

There is also an OpenSSL engine that connects to keystore to allow use
of the keystore keys from native code built into the platform.

This includes a software implementation of keymaster using OpenSSL
as the backend. This is just as insecure as the previous solution,
but it's needed so devices without hardware support can continue
to operate in the new scheme without a lot of compatibility code.

Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f
ndroid.mk
eystore.cpp
eystore.h
5187818895c4c5f650a611c40531b1dff7764c18 13-Mar-2012 Kenny Root <kroot@google.com> keystore_client shared library

Add a libkeystore_client.so library for clients to use.

Add const-correctness to the keystore.cpp classes.

Increase maximum arguments for future work.

Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2
ndroid.mk
eystore.cpp
eystore.h
eystore_client.cpp
eystore_client.h
a91203b08350b2fc7efda5b1eab39e7541476b3a 16-Feb-2012 Kenny Root <kroot@google.com> Move keystore from frameworks/base

Move keystore from frameworks/base at commit
57ff581bd9b16a192a567f84d0e0a5c82d866343

Change-Id: I1e62488d63810f14e40ffb3d192925ff4eeb8906
ndroid.mk
eystore.cpp
eystore.h
eystore_cli.cpp
eystore_get.h
est-keystore