| f0246a8a14d69680d1776620e75a485cf963e574 |
|
13-Aug-2014 |
Robin Lee <rgl@google.com> |
Keep managed profile keystores in sync with owner
Fixes setting a keyguard password for keystore in a multi-user setup
while we're at it.
Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| b91773bce1126d28a93f73fbef18f3a79245f24e |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| a39859889b7de0ad3190386cc732fa4bdcbe5504 |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types
(cherry picked from commit f64386fc26efeb245fd90fabaa47b8c8bf9b4613)
Bug: 10600582
Change-Id: I88dfcc8ca602f55fad54bd8bf043aee460c0de24
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| e7cf8c230208beef0c3a5f83a1e1d2c36ac5ca12 |
|
13-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: remove old APIs
Remove the APIs that don't specify the flags so callers know what
they're getting.
Bug: 8122243
Change-Id: Ifaef6fb1d16010237c01f9d11f2053bb6b3980c0
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3 |
|
10-Apr-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: Add encrypted flag
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| a3788b00bb221e20abdd42f747d2af419e0a088c |
|
10-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
Bug: 8122243
Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| d72317abd79ddf95d48c8f35bf1070900ff55b5e |
|
02-Apr-2013 |
Kenny Root <kroot@google.com> |
Remove keystore entries when package removed
Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.
(cherry picked from commit 95e3ee3971915b323e5c13dcfe3b12a4180850cd)
Bug: 3020069
Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 5cb5cec6a4a4d5432d4ce6468c12de9508db1633 |
|
29-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add API to query storage type
Add an API to keystore daemon to query what kind of storage is currently
in use.
(cherry picked from commit a738e2a1aee26e0be3944c11820724aeca313f83)
Change-Id: I52c84449a27b1cefc49372a6406b7132c2bbddee
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 5f1d965f7d7e1df50981ffed8faa11fbcc17ca22 |
|
21-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: change migrate to duplicate
After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.
Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| bd79419ef84ae31f3765721b50aa413fa462d1d1 |
|
20-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add "migrate" command
To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.
Bug: 8122243
Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 78ad849163a7b01073b46fbd7d818392720005d1 |
|
14-Feb-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add API to uid versions
In previous commits, we added the ability to specify which UID we want to
target on certain operations. This commit adds the ability to reach those
binder calls from the KeyStore class.
Also fix a problem where saw() was not reading all the values returned via
the Binder call. This changes the semantics to return a null instead of
failing silently when it's not possible to search.
Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| b9594ce9ebb3f5f303a280f04312ae5754ce3560 |
|
14-Feb-2013 |
Kenny Root <kroot@google.com> |
KeyStore: stop using state()
Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| e151f281d527f4bea5cbdf4219d5e0507a6668b0 |
|
14-Feb-2013 |
Kenny Root <kroot@google.com> |
Track keystore binder changes
Change-Id: Id6133be059a8a0901d16355a9152e40e4a255454
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| e66769ad5194cb4533d1087416a2e804ac384285 |
|
05-Feb-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: return error code on error
Instead of blindly multiplying return value by 1000 to convert to
milliseconds, check to see if it's an error condition first.
Change-Id: I8eab1e7a86d78c13458fcbbc79d590e452fc9791
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 8b58c52bf4cc276165b1857eb4087eabde7b6477 |
|
04-Feb-2013 |
Kenny Root <kroot@google.com> |
AndroidKeyStore: fix tests
Change-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 6b77645aa9ac51ce33ea67adba226aaf1a6e8846 |
|
02-Nov-2012 |
Kenny Root <kroot@google.com> |
Switch keystore to binder
Change-Id: I9fa1fc05068bee1eed3f618fb32f70cf3d4c05d4
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 473c712b19bad992ab4eafcd43175fdce77b913d |
|
18-Aug-2012 |
Kenny Root <kroot@google.com> |
Add getmtime to Android KeyStore API
java.security.KeyStore requires that you be able to get the creation
date for any given entry. We'll approximate that through using the mtime
of the file in the keystore.
Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 5b1f037829bff93877a6257db69f4e7723a27e20 |
|
31-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Change KeyStore to use Modified UTF-8 to match NativeCrypto
Bug: http://code.google.com/p/android/issues/detail?id=35141
Bug: 6869713
Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 5423e68d5dbe048ec6f042cce52a33f94184e9fb |
|
14-Nov-2011 |
Kenny Root <kroot@google.com> |
Add signing to keystore
Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.
Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 7e4b1a488dd02c4bf6156379e36834e9e01c5b1b |
|
02-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Restore ResponseCodes for use with getLastError
Change-Id: I41b5bc9cbb6c05672c92d5864e889fd2b0186141
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 5cfee3fabb3482c6a6df1c8b6f21e843cf214527 |
|
31-May-2011 |
Brian Carlstrom <bdc@google.com> |
Integrating keystore with keyguard (Part 1 of 4)
Summary:
frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification
packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use
packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints
packages/apps/KeyChain
Tracking KeyStore API changes
Details:
frameworks/base
Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.
cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.
core/java/com/android/internal/widget/LockPatternUtils.java
Changed unlock screens to pass values for keystore unlock or initialization
policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required
keystore/java/android/security/KeyStore.java
In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.
keystore/tests/src/android/security/KeyStoreTest.java
packages/apps/Settings
Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.
AndroidManifest.xml
src/com/android/settings/CredentialStorage.java
Remove layout for entering new password
res/layout/credentials_dialog.xml
Remove enable credentials checkbox
res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java
Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.
src/com/android/settings/ChooseLockGeneric.java
Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.
src/com/android/settings/CryptKeeperSettings.java
Tracking KeyStore API changes
src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java
Removing now unused string resources
res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml
packages/apps/CertInstaller
Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java
Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 46703b099516c383a6882815bcf9cd4df0ec538d |
|
07-Apr-2011 |
Brian Carlstrom <bdc@google.com> |
Tolerate missing AccountManager resource, not just missing resource name
In addition to the primary change in the subject, also some minor cleanup of javadoc, typos, CloseGuard warning, etc found while working on a new AbstractAccountAuthenticator.
Change-Id: I73f3408773a43a0021a15f8d051fd3dbbdf898a5
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 34c47c855815d731e6deb55748ff690b0ec7b53f |
|
09-Mar-2010 |
Nick Kralevich <nnk@google.com> |
Don't rely on the system locale for converting to/from bytes.
By default, when java converts Strings to bytes, it uses the
default system locale. This can be specified by the -Dfile.encoding
option. If no file encoding is specified, java uses ISO8859_1.
Unfortunately, not all unicode characters can be mapped to
ISO8859_1. Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.
Thankfully, Android uses UTF-8 by default, so this bug doesn't
effect Android devices. However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.
Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| d12feb97667498378a472c5a7895a9fcd8056ec5 |
|
06-Feb-2010 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: minor improvements.
Make constants final.
Only converts ArrayLists to arrays when necessary.
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| f1ece5d0c16fa3e79390e41ad9bec020c77d7720 |
|
24-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: return null when response code indicates an error.
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 613fcc850686dfe71cec9809c3694be9cf02cdc7 |
|
21-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: rename scan() to saw().
/frameworks/base/keystore/java/android/security/KeyStore.java
|
| 44039172627d1c15737ea73836ad375559d76211 |
|
21-Sep-2009 |
Chia-chi Yeh <chiachi@android.com> |
KeyStore: add java interface.
/frameworks/base/keystore/java/android/security/KeyStore.java
|