History log of /frameworks/base/keystore/java/android/security/KeyStore.java
Revision Date Author Comments
ae6cb7aad56bb006769cd8a69b92af7236644fc1 23-Jun-2015 Alex Klyubin <klyubin@google.com> Keymaster INT, LONG and DATE tag values are unsigned.

This CL ensures that Android Keystore framework code complies with
signedness of keymaster tags. In particular:
* INT tags are unsigned 32-bit numbers, and
* LONG and DATE tags are unsigned 64-bit numbers.

To ensure compliance, KeymasterArguments and KeyCharacteristics
classes through which Android Keystore interacts with Keymaster tags
have been modified as follows:
* ENUM and INT tags which used to be conflated are now added/queried
via separate methods, because ENUM can remain represented as an int
data type whereas INT is now represented as a long data type with
permitted range being [0; 2^32).
* Methods for adding/querying LONG tags have been switched from the long
data type to the BigInteger data type and now ensure that the value
is in the permitted [0; 2^63).
* Methods for adding/querying DATE tags now ensure the Date value is
in the permitted range [0; 2^63) ms since Unix epoch.
* Methods for adding tags throw an IllegalArgumentException if the tag
type is unsuitable for the method. This is to ensure that tags with
invalid values cannot be added through similar methods (e.g., INT tag
added via an ENUM tag addition method invoked with a negative value).

Bug: 22008538
Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e
/frameworks/base/keystore/java/android/security/KeyStore.java
a99b8b5e3fe456b74b9f86e12bebebb5e418f58e 11-Jun-2015 Alex Klyubin <klyubin@google.com> Do not require USE_FINGERPRINT for getAuthenticatorId.

This removes the requirement to hold the USE_FINGERPRINT permission
to successfully invoke FingerprintManager.getAuthenticatorId().

This is needed because Android Keystore classes which run inside app
processes occasionally need to access this authenticator ID. The
access however is not necessarily triggered by the developer using
APIs to do with fingerprints. Thus, if an app does not hold the
USE_FINGERPRINT permission and uses Android Keystore API, it may
unexpectedly encounter a SecurityException.

It's OK to provide access to authenticator ID without requiring
USE_FINGERPRINT permission because there are other ways to access
this ID without holding that permission, such as through hidden
KeyStore API.

Once Android Keystore code is restructured to no longer require
access to authenticator ID, this CL can be reverted.

Bug: 21030147
Change-Id: I9af29830abce34c46e29e5c1682cc3ab88c95c00
/frameworks/base/keystore/java/android/security/KeyStore.java
4a0ff7ca984d29bd34b02e54441957cad65e8b53 09-Jun-2015 Alex Klyubin <klyubin@google.com> Android Keystore keys are no longer backed by Conscrypt.

This switches Android Keystore asymmetric keys from being backed by
Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE
which talks to keystore via the old KeyStore API) to being backed by
the AndroidKeyStore Provider which talks to keystore via the new
KeyStore API. In effect, this switches asymmetric crypto offered by
Android Keystore from old Keystore API to new KeyStore API, enabling
all the new features such as enforcement of authorizations on key use.

Some algorithms offered by Android Keystore, such as RSA with OAEP
or PSS padding schemes, are not supported by other providers. This
complicates matters because Android Keystore only supports public key
operations if the corresponding private key is in the keystore. Thus,
Android Keystore can only offer these operations for its own public
keys only. This requires AndroidKeyStore to use its own subclasses of
PublicKey everywhere. The ugliest place is where it needs to return
its own subclass of X509Certificate only to be able to return its
own subclass of PublicKey from Certificate.getPublicKey().

Bug: 18088752
Bug: 19284418
Bug: 20912868
Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64
/frameworks/base/keystore/java/android/security/KeyStore.java
3ceb1a04b44539c2b2c3afec6df487fe128911f2 06-Jun-2015 Alex Klyubin <klyubin@google.com> Switch Android Keystore key gen and import to new KeyStore API.

This makes Android Keystore's asymmetric key generation and import
use the new KeyStore API (similar to keymaster 1.0 API).

Because the resulting private keys will be used through
Conscrypt/keystore-engine which uses the old Keystore API, this CL
implements a temporary workaround where all generated and imported
keys are authorized for padding NONE and digest NONE, in addition to
padding schemes and digests requested by the user of the Android
Keystore API. This workaround is needed because keystore-engine uses
digest NONE and padding NONE for all its crypto operations.

Bug: 18088752
Bug: 20912868
Change-Id: Idc709039d091294265bd000160b5507f13825849
/frameworks/base/keystore/java/android/security/KeyStore.java
469cbf5156ad54650726ade59f2ee5aa01359ec2 04-Jun-2015 Alex Klyubin <klyubin@google.com> Deprecate KeyChain.isBoundKeyAlgorithm.

This is bad API. There was never a guarantee that when this method
returns true for a key algorithm (e.g., RSA or EC), then all keys of
that type will be imported into secure hardware. For example, the
secure hardware may reject a key if it's of unsupported size or uses
an unsupported public exponent or EC curve. In that case, the key
will be imported into keystore/KeyChain without being backed by secure
hardware.

Bug: 18088752
Change-Id: I8daa574a2e703a347d09d93401cd1ea2d0162ed9
/frameworks/base/keystore/java/android/security/KeyStore.java
4350babc028822e8905190d88a9f5b8c6ffce8ec 08-Jun-2015 Alex Klyubin <klyubin@google.com> Remove deprecated android.security.KeyStore methods.

* delKey -> delete
* getPubkey -> exportKey
* saw -> list.

Bug: 18088752
Change-Id: Ifb794f91a42646d67da1340ee16765cbaf255a49
/frameworks/base/keystore/java/android/security/KeyStore.java
8a07701f3817ad0b76b82cfc464868e8f57e359d 29-May-2015 Chad Brubaker <cbrubaker@google.com> Add optional additional entropy to finish

If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.

(cherry-picked from commit 9ce30624a448f439e19960d0dd88103c04676e7d)

Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/frameworks/base/keystore/java/android/security/KeyStore.java
966486e134c901ea61195b352fdd81476b3639b4 01-Jun-2015 Chad Brubaker <cbrubaker@google.com> Track changes to the keystore binder API

Output parameters are gone from begin, instead they will be returned in the
OperationResult and begin, update, and finish may return output
parameters.

Change-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8
/frameworks/base/keystore/java/android/security/KeyStore.java
e35d49f0d2853b79470ec890113bf4dcef03ab88 13-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup Keystore API

Rename confusingly named methods, add userID arguments to all methods
that operate on user state and delete methods that have been replaced by
the onUser* methods.

Some of the old methods have been kept in KeyStore.java in order to ease
the transition of various system packages to the new methods.

(cherry-picked from commit d8aacca3a197f65021e9b520807b7315b7a59d68)

Change-Id: Ic271689d62c36d255c5adee26c7abc2e7ed24df5
/frameworks/base/keystore/java/android/security/KeyStore.java
dcdaf87ed0aa99073638bcfe645949f130f0c7ad 14-May-2015 Alex Klyubin <klyubin@google.com> Move Android Keystore impl to android.security.keystore.

This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.

Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
/frameworks/base/keystore/java/android/security/KeyStore.java
3f8d4d840894468f2be8a5b56ff266cef2d71c50 13-May-2015 Alex Klyubin <klyubin@google.com> New AndroidKeyStore API in android.security.keystore.

This CL addresses the comments from API Council about Android KeyStore
KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
1. These abstractions should not take or hold references to Context.
2. The Builders of these abstractions should take all mandatory
parameters in their constructors rather than expose them as
setters -- only optional parameters should be exposed via setters.

These comments cannot be addressed without deprecation in the already
launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of
deprecating just the getContext methods and Builder constructors, this
CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and
KeyStoreParameter as a whole and exposing all of the AndroidKeyStore
API in the new package android.security.keystore. This enables this CL
to correct all of the accrued design issues with KeyPairGeneratorSpec
(e.g., naming of certificate-related methods) and KeyStoreParameter.

This also makes the transition to API Level M more clear for existing
users of the AndroidKeyStore API. These users will only have to deal
with the new always-mandatory parameters (e.g., purposes) and
sometimes-mandatory (e.g., digests, block modes, paddings) if they
switch to the new API. Prior to this CL they would've had to deal with
this if they invoked any of the new methods of KeyPairGeneratorSpec
or KeyStoreParameter introduced in API Level M.

This CL rips out all the new API introduced into KeyPairGeneratorSpec
and KeyStoreParameter classes for Android M, thus reverting these
classes to the API launched in L MR1. This is because the new API is
now in android.security.keystore.KeyGenParameterSpec and KeyProtection
respectively.

Bug: 21039983
Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
/frameworks/base/keystore/java/android/security/KeyStore.java
83ce095c848b972156256855d0f2a2ff4aa068fd 12-May-2015 Chad Brubaker <cbrubaker@google.com> Add keystore onUserAdded/Removed methods

(cherry-picked from commit 31c2897105e6d71f8e6edeab312d2147bbdbaeb1)

Change-Id: I73fe9344ec5660e58425d5c85d14381820533d57
/frameworks/base/keystore/java/android/security/KeyStore.java
622fd932fd33c6e86c86c8a24082674ad077a810 12-May-2015 Alex Klyubin <klyubin@google.com> Flatten KeyStoreKeyProperties constants.

This moves constants/flags declared in inner classes of
KeyStoreKeyProperties into KeyStoreKeyProperties, as requested by API
Council.

Bug: 21039983
Change-Id: I84a3c983e13644a027bed9f605ab8044220a352c
/frameworks/base/keystore/java/android/security/KeyStore.java
5418393c58d1d80fe37a209ab931f6d56bd46a86 09-May-2015 Alex Klyubin <klyubin@google.com> Document when encrypted AndroidKeyStore keys are wiped.

This also drops the boolean parameter from
KeyGeneratorSpec.Builder.setEncryptionRequired to match the already
launched KeyPairGeneratorSpec.Builder.setEncryptionRequired.

Bug: 18088752
Change-Id: I91a3e8c77958971b1bda8329319f1a0d8043b669
/frameworks/base/keystore/java/android/security/KeyStore.java
f8a96d16290dbca1b1bdad153ceadad9c7d55111 08-May-2015 Chad Brubaker <cbrubaker@google.com> Merge "Cleanup keystore password changing and unlocking" into mnc-dev
a91a8504191d91d288c55821caa5bf00c9be26a2 07-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup keystore password changing and unlocking

Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/frameworks/base/keystore/java/android/security/KeyStore.java
4d5443f37f2bc58be8d22ed50024c39a5a1fbc8f 07-May-2015 Alex Klyubin <klyubin@google.com> Define String constants for AndroidKeyStore crypto.

This defines the String enum values based on JCA standard names for
key algorithm, block mode, padding schemes, and digests. This should
make it safer to interact with AndroidKeyStore code that uses JCA
strings. This was requested by API Council.

Bug: 18088752
Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
/frameworks/base/keystore/java/android/security/KeyStore.java
2d7a85cd2b2ab4dbbe09354c6ae1668bff51a514 30-Apr-2015 Alex Klyubin <klyubin@google.com> Switch from FingerprintService to FingerprintManager.

FingerprintService is a lower layer of abstraction which should
ideally be accessed only via FingerprintManager from
AndroidKeyStore.

The main issue with the switch is that it requires a reference to a
Context. This is now obtained using ActivityThread's hidden API.

Change-Id: If921e169838ee2cc5c7690b8c8d8ea95c33248aa
/frameworks/base/keystore/java/android/security/KeyStore.java
2dac95d03399bb9fa59999e4964d7f8bcd485c38 30-Apr-2015 Svetoslav <svetoslavganov@google.com> Fix the build

Change-Id: I24e697e989b5f88c3f5e61343fbff60a09aa4c12
/frameworks/base/keystore/java/android/security/KeyStore.java
058de02073a129301d391c22b050f2d65adadb0f 30-Apr-2015 Alex Klyubin <klyubin@google.com> Enable per-use user authenticated keys to be used.

This makes symmetric Cipher and Mac implementations backed by
AndroidKeyStore succeed in their initialization when the key is
configured to require user authentication for every use. Users
of such keys should obtain an instance of Cipher or Mac, initialize
it with the key, and then authorize the operation by passing this
Cipher or Mac instance to FingerprintManager.authenticate.

Bug: 18088752
Change-Id: Ia15a1e5f8274c3623f665dae1f400ff539639ab1
/frameworks/base/keystore/java/android/security/KeyStore.java
708fc9404501ac42b6cac925fe3e10801b5f633b 29-Apr-2015 Alex Klyubin <klyubin@google.com> Add KeyPermanentlyInvalidatedException.

This enables users of AndroidKeyStore crypto to differentiate between
the key being unusable until the user is authenticated
(UserNotAuthenticatedException) and the key being permanently unusable
(KeyPermanentlyInvalidatedException). The latter is the case when the
secure lock screen has been disabled or reset, and, for keys that
require user authentication for every use, when a new fingerprint is
enrolled or all fingerprints are unenrolled.

NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the
NewFingerprintEnrolledException which has thus been removed. There
is no way to find out whether a key was permanently invalidated
specifically because a new fingerprint was added.

Bug: 20642549
Bug: 20526234
Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
/frameworks/base/keystore/java/android/security/KeyStore.java
560d653e554882218232cd0fe4711be42145727a 24-Apr-2015 Chad Brubaker <cbrubaker@google.com> Add OP_AUTH_NEEDED KeyStore result code

OP_AUTH_NEEDED will be returned from begin when an operation needs
a per operation authentication before calling update. Note that the
begin call succeeds when this error is returned, the token and handle
are valid.

(cherry picked from commit dabe520a3e6b0d0c40adfd748483fa336c43c366)

Change-Id: I0ba4e997360843b5eb6c1db9c5fcd1c4d5a2c717
/frameworks/base/keystore/java/android/security/KeyStore.java
22335a9730d80c7282f2a10d617136702850c56f 25-Apr-2015 Kenny Root <kroot@google.com> am 6c1af7ea: am 8652bce1: am c71f2648: Merge "frameworks/base: switch to using NativeConstants."

* commit '6c1af7ea497b1a2f04bdf45a19d2147f5b9665b9':
frameworks/base: switch to using NativeConstants.
c71f264847eb75d53c0f99e6e1c42a8a1527d3b4 24-Apr-2015 Kenny Root <kroot@google.com> Merge "frameworks/base: switch to using NativeConstants."
40485f5aac5bc02fb3b24ad03ac71f724e4c340a 24-Apr-2015 Alex Klyubin <klyubin@google.com> resolved conflicts for merge of f9c14b7d to master

Change-Id: Ifa29891b8ad7979cbc28c54180b9606bb1319ff0
ad9ba10ecda10c14e46d00f40fc3e431cc2d9bc2 22-Apr-2015 Alex Klyubin <klyubin@google.com> No runtime exceptions during normal use of AndroidKeyStore crypto.

This changes the implementation of AndroidKeyStore-backed Cipher and
Mac to avoid throwing runtime exceptions during normal use. Runtime
exceptions will now be thrown only due to truly exceptional and
unrecoverable errors (e.g., keystore unreachable, or crypto primitive
not initialized).

This also changes the implementation of Cipher to cache any errors
encountered in Cipher.update until Cipher.doFinal which then throws
them as checked exceptions.

Bug: 20525947
Change-Id: I3c4ad57fe70abfbb817a79402f722a0208660727
/frameworks/base/keystore/java/android/security/KeyStore.java
6bf52c4271bd0483174fe3755caedb778693791e 24-Apr-2015 Adam Langley <agl@google.com> frameworks/base: switch to using NativeConstants.

NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.

Bug: 20521989

Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
/frameworks/base/keystore/java/android/security/KeyStore.java
dbcec13d64d7e6e8d4e5a867c1ca8b78951ed217 03-Apr-2015 Alex Klyubin <klyubin@google.com> resolved conflicts for merge of b068f162 to master

Change-Id: I5bc234e1da047880d3437a861ff93474a9797e18
b4834ae3fa09e8013f7ab743a12def063ae999e3 03-Apr-2015 Alex Klyubin <klyubin@google.com> Rename KeymasterException to KeyStoreException.

The code in question talks to KeyStore which returns error codes
which are a mix of keystore and keymaster error codes. To better
match the layering of KeyStore on top of keystore and keymaster,
this CL renames KeymasterException into KeyStoreException. It also
adds human-readable error messages to exceptions raised by keystore
rather than keymaster (e.g., key not found).

Bug: 18088752
Change-Id: I4cd1235e16518c9f2e8c5557a457774c6e687b88
/frameworks/base/keystore/java/android/security/KeyStore.java
f603e2861430f13a746f80885b5fc00994f64391 30-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Add authorization binder methods"
dae79e540844741fc35c648efe8bbb00fc8ab781 27-Mar-2015 Chad Brubaker <cbrubaker@google.com> Allow entropy to be provided to some operations

generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.

Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/frameworks/base/keystore/java/android/security/KeyStore.java
5e73c0eec2bc77222a5a87fb2a135d8303836411 22-Mar-2015 Chad Brubaker <cbrubaker@google.com> Make application/client id an object

Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.

Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
/frameworks/base/keystore/java/android/security/KeyStore.java
5654b36b4667431e49d27c07a06d275656071e75 18-Mar-2015 Chad Brubaker <cbrubaker@google.com> Add authorization binder methods

Add methods for sending an auth token to keystore and to query the
authorization state of a given operation.

Change-Id: I223df5c56ae2a251ef31cfe60f06c046c12a5cd8
/frameworks/base/keystore/java/android/security/KeyStore.java
e6a461341ccf3b952427daf40c973d9914cdb270 11-Feb-2015 Chad Brubaker <cbrubaker@google.com> Add new IKeystoreService methods to KeyStore

Add wrappers for all the new IKeystoreService keymaster 0.4 methods to
android.security.KeyStore.

Change-Id: Icb5500cfffb62d1af326edf326e1b9b67e5cece9
/frameworks/base/keystore/java/android/security/KeyStore.java
590c068e8380ba73a6571ddf797d4ce02b390bcb 16-Jan-2015 Alex Klyubin <klyubin@google.com> Merge "Add KeyPairGenerator.EC backed by Android KeyStore."
21a76df55cf4b956f4d34f57c7b9e694d0363f54 14-Jan-2015 Alex Klyubin <klyubin@google.com> Add KeyPairGenerator.EC backed by Android KeyStore.

The Android KeyStore backed KeyPairGenerator can generate EC key
pairs, but it cannot be instantiated via the standard JCA approach of
KeyPairGenerator.getInstance("EC", "AndroidKeyStore"). Instead, the
user must invoke KeyPairGenerator.getInstance("RSA",
"AndroidKeyStore") and then tell it to generate an EC key pair.

This CL fixes this weirdness.

The fix requires the introduction of late resolution of key algorithm
and default key size. Prior to this CL, these parameters were resolved
prior to KeyPairGenerator initialization, inside KeyPairGeneratorSpec.
In this CL, these parameters are resolved during KeyPairGenerator
initialization. This is fine because KeyPairGeneratorSpec should be as
dumb as possible and all the logic should reside in KeyPairGenerator
and lower layers.

Bug: 19018089
Change-Id: I114502356e6c9691518cf05b6d9eb0920b4fe0b2
/frameworks/base/keystore/java/android/security/KeyStore.java
7a2c973db7756a60f1cdd6cf67411115c1576081 14-Jan-2015 Chad Brubaker <cbrubaker@google.com> Generate IKeystoreService using aidl

This replaces IKeystoreService.java with IKeystoreService.aidl and
changes the methods that passed down a byte[][] to instead pass down a
KeystoreArguments which is currently a thin parcelable wrapper around a byte[][].

Change-Id: I6367bcf57562f41a27aab14f1903b74995cb65c2
/frameworks/base/keystore/java/android/security/KeyStore.java
9d2d6b6b4b1b16221cbd857703cd6301c6bf873c 26-Nov-2014 Kenny Root <kroot@google.com> Track change to Conscrypt

Change-Id: I8814fd0720acf09332927f184fdd9b2cdac4f413
/frameworks/base/keystore/java/android/security/KeyStore.java
f0246a8a14d69680d1776620e75a485cf963e574 13-Aug-2014 Robin Lee <rgl@google.com> Keep managed profile keystores in sync with owner

Fixes setting a keyguard password for keystore in a multi-user setup
while we're at it.

Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/frameworks/base/keystore/java/android/security/KeyStore.java
b91773bce1126d28a93f73fbef18f3a79245f24e 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
/frameworks/base/keystore/java/android/security/KeyStore.java
a39859889b7de0ad3190386cc732fa4bdcbe5504 16-Aug-2013 Kenny Root <kroot@google.com> Add support for DSA and ECDSA key types

(cherry picked from commit f64386fc26efeb245fd90fabaa47b8c8bf9b4613)

Bug: 10600582
Change-Id: I88dfcc8ca602f55fad54bd8bf043aee460c0de24
/frameworks/base/keystore/java/android/security/KeyStore.java
e7cf8c230208beef0c3a5f83a1e1d2c36ac5ca12 13-Apr-2013 Kenny Root <kroot@google.com> keystore: remove old APIs

Remove the APIs that don't specify the flags so callers know what
they're getting.

Bug: 8122243
Change-Id: Ifaef6fb1d16010237c01f9d11f2053bb6b3980c0
/frameworks/base/keystore/java/android/security/KeyStore.java
2eeda7286f3c7cb79f7eb71ae6464cad213d12a3 10-Apr-2013 Kenny Root <kroot@google.com> AndroidKeyStore: Add encrypted flag

Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.

Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
/frameworks/base/keystore/java/android/security/KeyStore.java
a3788b00bb221e20abdd42f747d2af419e0a088c 10-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs starts to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

Bug: 8122243
Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608
/frameworks/base/keystore/java/android/security/KeyStore.java
d72317abd79ddf95d48c8f35bf1070900ff55b5e 02-Apr-2013 Kenny Root <kroot@google.com> Remove keystore entries when package removed

Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.

(cherry picked from commit 95e3ee3971915b323e5c13dcfe3b12a4180850cd)

Bug: 3020069
Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94
/frameworks/base/keystore/java/android/security/KeyStore.java
5cb5cec6a4a4d5432d4ce6468c12de9508db1633 29-Mar-2013 Kenny Root <kroot@google.com> KeyStore: add API to query storage type

Add an API to keystore daemon to query what kind of storage is currently
in use.

(cherry picked from commit a738e2a1aee26e0be3944c11820724aeca313f83)

Change-Id: I52c84449a27b1cefc49372a6406b7132c2bbddee
/frameworks/base/keystore/java/android/security/KeyStore.java
5f1d965f7d7e1df50981ffed8faa11fbcc17ca22 21-Mar-2013 Kenny Root <kroot@google.com> KeyStore: change migrate to duplicate

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.

Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55
/frameworks/base/keystore/java/android/security/KeyStore.java
bd79419ef84ae31f3765721b50aa413fa462d1d1 20-Mar-2013 Kenny Root <kroot@google.com> KeyStore: add "migrate" command

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.

Bug: 8122243
Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1
/frameworks/base/keystore/java/android/security/KeyStore.java
78ad849163a7b01073b46fbd7d818392720005d1 14-Feb-2013 Kenny Root <kroot@google.com> KeyStore: add API to uid versions

In previous commits, we added the ability to specify which UID we want to
target on certain operations. This commit adds the ability to reach those
binder calls from the KeyStore class.

Also fix a problem where saw() was not reading all the values returned via
the Binder call. This changes the semantics to return a null instead of
failing silently when it's not possible to search.

Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
/frameworks/base/keystore/java/android/security/KeyStore.java
b9594ce9ebb3f5f303a280f04312ae5754ce3560 14-Feb-2013 Kenny Root <kroot@google.com> KeyStore: stop using state()

Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
/frameworks/base/keystore/java/android/security/KeyStore.java
e151f281d527f4bea5cbdf4219d5e0507a6668b0 14-Feb-2013 Kenny Root <kroot@google.com> Track keystore binder changes

Change-Id: Id6133be059a8a0901d16355a9152e40e4a255454
/frameworks/base/keystore/java/android/security/KeyStore.java
e66769ad5194cb4533d1087416a2e804ac384285 05-Feb-2013 Kenny Root <kroot@google.com> AndroidKeyStore: return error code on error

Instead of blindly multiplying return value by 1000 to convert to
milliseconds, check to see if it's an error condition first.

Change-Id: I8eab1e7a86d78c13458fcbbc79d590e452fc9791
/frameworks/base/keystore/java/android/security/KeyStore.java
8b58c52bf4cc276165b1857eb4087eabde7b6477 04-Feb-2013 Kenny Root <kroot@google.com> AndroidKeyStore: fix tests

Change-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d
/frameworks/base/keystore/java/android/security/KeyStore.java
6b77645aa9ac51ce33ea67adba226aaf1a6e8846 02-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: I9fa1fc05068bee1eed3f618fb32f70cf3d4c05d4
/frameworks/base/keystore/java/android/security/KeyStore.java
473c712b19bad992ab4eafcd43175fdce77b913d 18-Aug-2012 Kenny Root <kroot@google.com> Add getmtime to Android KeyStore API

java.security.KeyStore requires that you be able to get the creation
date for any given entry. We'll approximate that through using the mtime
of the file in the keystore.

Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
/frameworks/base/keystore/java/android/security/KeyStore.java
5b1f037829bff93877a6257db69f4e7723a27e20 31-Jul-2012 Brian Carlstrom <bdc@google.com> Change KeyStore to use Modified UTF-8 to match NativeCrypto

Bug: http://code.google.com/p/android/issues/detail?id=35141
Bug: 6869713

Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
/frameworks/base/keystore/java/android/security/KeyStore.java
5423e68d5dbe048ec6f042cce52a33f94184e9fb 14-Nov-2011 Kenny Root <kroot@google.com> Add signing to keystore

Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.

Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
/frameworks/base/keystore/java/android/security/KeyStore.java
7e4b1a488dd02c4bf6156379e36834e9e01c5b1b 02-Jun-2011 Brian Carlstrom <bdc@google.com> Restore ResponseCodes for use with getLastError

Change-Id: I41b5bc9cbb6c05672c92d5864e889fd2b0186141
/frameworks/base/keystore/java/android/security/KeyStore.java
5cfee3fabb3482c6a6df1c8b6f21e843cf214527 31-May-2011 Brian Carlstrom <bdc@google.com> Integrating keystore with keyguard (Part 1 of 4)

Summary:

frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification

packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use

packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
Tracking KeyStore API changes

Details:

frameworks/base

Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.

cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.

core/java/com/android/internal/widget/LockPatternUtils.java

Changed unlock screens to pass values for keystore unlock or initialization

policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

KeyStore API changes
- renamed test() to state(), which now returns a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required

keystore/java/android/security/KeyStore.java

In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expected values.

keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handling into discrete dialog helper classes.

AndroidManifest.xml
src/com/android/settings/CredentialStorage.java

Remove layout for entering new password

res/layout/credentials_dialog.xml

Remove enable credentials checkbox

res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java

Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.

src/com/android/settings/ChooseLockGeneric.java

Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.

src/com/android/settings/CryptKeeperSettings.java

Tracking KeyStore API changes

src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java

Removing now unused string resources

res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml

packages/apps/CertInstaller

Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java

Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
/frameworks/base/keystore/java/android/security/KeyStore.java
46703b099516c383a6882815bcf9cd4df0ec538d 07-Apr-2011 Brian Carlstrom <bdc@google.com> Tolerate missing AccountManager resource, not just missing resource name

In addition to the primary change in the subject, also some minor cleanup of javadoc, typos, CloseGuard warning, etc found while working on a new AbstractAccountAuthenticator.

Change-Id: I73f3408773a43a0021a15f8d051fd3dbbdf898a5
/frameworks/base/keystore/java/android/security/KeyStore.java
34c47c855815d731e6deb55748ff690b0ec7b53f 09-Mar-2010 Nick Kralevich <nnk@google.com> Don't rely on the system locale for converting to/from bytes.

By default, when Java converts Strings to bytes, it uses the
default system locale. This can be specified by the -Dfile.encoding
option. If no file encoding is specified, Java uses ISO8859_1.

Unfortunately, not all Unicode characters can be mapped to
ISO8859_1. Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.

Thankfully, Android uses UTF-8 by default, so this bug doesn't
affect Android devices. However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.

Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
/frameworks/base/keystore/java/android/security/KeyStore.java
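
The replacement behaviour this commit message describes, as an added example that is not part of the commit or of KeyStore.java: two constructed passwords that differ in one non-Latin-1 character encode to the same bytes under ISO-8859-1 and stay distinct under an explicit UTF-8. The class name, helper names and sample strings are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PasswordBytesDemo {
    // Constructed sample passwords; they differ only in one non-Latin-1 character.
    static final String PASSWORD_A = "p\u0430ss"; // U+0430 CYRILLIC SMALL LETTER A
    static final String PASSWORD_B = "p\u03B1ss"; // U+03B1 GREEK SMALL LETTER ALPHA

    /** Lenient path: getBytes(Charset) silently substitutes the charset's replacement byte. */
    static byte[] lenient(String s, Charset cs) {
        return s.getBytes(cs);
    }

    /** Strict path: fail instead of substituting when a character cannot be encoded. */
    static byte[] strict(String s, Charset cs) throws CharacterCodingException {
        ByteBuffer buf = cs.newEncoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .encode(CharBuffer.wrap(s));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        return out;
    }

    public static void main(String[] args) {
        // Compare the two passwords' encodings under each charset.
        boolean latin1Collision = Arrays.equals(
                lenient(PASSWORD_A, StandardCharsets.ISO_8859_1),
                lenient(PASSWORD_B, StandardCharsets.ISO_8859_1));
        boolean utf8Collision = Arrays.equals(
                lenient(PASSWORD_A, StandardCharsets.UTF_8),
                lenient(PASSWORD_B, StandardCharsets.UTF_8));
        System.out.println("ISO-8859-1 collision: " + latin1Collision);
        System.out.println("UTF-8 collision: " + utf8Collision);
        try {
            strict(PASSWORD_A, StandardCharsets.ISO_8859_1);
            System.out.println("strict ISO-8859-1 encoder accepted the input");
        } catch (CharacterCodingException e) {
            System.out.println("strict ISO-8859-1 encoder rejected the input: " + e);
        }
    }
}
```
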
d12feb97667498378a472c5a7895a9fcd8056ec5 06-Feb-2010 Chia-chi Yeh <chiachi@android.com> KeyStore: minor improvements.

Make constants final.
Only convert ArrayLists to arrays when necessary.
/frameworks/base/keystore/java/android/security/KeyStore.java
f1ece5d0c16fa3e79390e41ad9bec020c77d7720 24-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: return null when response code indicates an error.
/frameworks/base/keystore/java/android/security/KeyStore.java
613fcc850686dfe71cec9809c3694be9cf02cdc7 21-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: rename scan() to saw().
/frameworks/base/keystore/java/android/security/KeyStore.java
44039172627d1c15737ea73836ad375559d76211 21-Sep-2009 Chia-chi Yeh <chiachi@android.com> KeyStore: add java interface.
/frameworks/base/keystore/java/android/security/KeyStore.java