ae6cb7aad56bb006769cd8a69b92af7236644fc1 |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster INT, LONG and DATE tag values are unsigned. This CL ensures that Android Keystore framework code complies with signedness of keymaster tags. In particular: * INT tags are unsigned 32-bit numbers, and * LONG and DATE tags are unsigned 64-bit numbers. The ensure compliance, KeymasterArguments and KeyCharacteristics classes through which Android Keystore interacts with Keymaster tags have been modified as follows: * ENUM and INT tags which used to be conflated are now added/queried via separate methods, because ENUM can remain represented as an int data type whereas INT is now represented as a long data type with permitted range being [0; 2^32). * Methods for adding/quering LONG tags have been switched from the long data type to the BigInteger data type and now ensure that the value is in the permitted [0; 2^63). * Methods for adding/querying DATE tags now ensure the Date value is in the permitted range [0; 2^63) ms since Unix epoch. * Methods for adding tags throw an IllegalArgumentException if the tag type is unsuitable for the method. This is to ensure that tags with invalid values cannot be added through similar methods (e.g., INT tag added via an ENUM tag addition method invoked with a negative value). Bug: 22008538 Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
|
4a0ff7ca984d29bd34b02e54441957cad65e8b53 |
|
09-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Android Keystore keys are no longer backed by Conscrypt. This switches Android Keystore asymmetric keys from being backed by Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE which talks to keystore via the old KeyStore API) to being backed by the AndroidKeyStore Provider which talks to keystore via the new KeyStore API. In effect, this switches asymmetric crypto offered by Android Keystore from old Keystore API to new KeyStore API, enabling all the new features such as enforcement of authorizations on key use. Some algorithms offered by Android Keystore, such as RSA with OAEP or PSS padding schemes, are not supported by other providers. This complicates matters because Android Keystore only supports public key operations if the corresponding private key is in the keystore. Thus, Android Keystore can only offer these operations for its own public keys only. This requires AndroidKeyStore to use its own subclasses of PublicKey everywhere. The ugliest place is where it needs to return its own subclass of X509Certificate only to be able to return its own subclass of PublicKey from Certificate.getPublicKey(). Bug: 18088752 Bug: 19284418 Bug: 20912868 Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
|
2c37807801dce09b0f0ba1e6360d84b163d88abe |
|
05-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Export KeyFactory backed by Android Keystore." into mnc-dev
|
ccbe88a505848896e59ef8eb4e8405037ba94e88 |
|
03-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Expose RSA and ECDSA Signature from Android Keystore Provider. The RSA Signature supports PKCS#1 and PSS padding. Bug: 18088752 Bug: 20912868 Change-Id: I03cdc86d1935af36f7c87a0b23d67f813829cfb0
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
|
97a27a73e6c5f5800303596ceebf314d90429d35 |
|
04-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Export KeyFactory backed by Android Keystore. The KeyFactory can be used to obtain information (KeyInfo) about Android Keystore private keys. Bug: 18088752 Change-Id: Ied1a69928f391537de6765cef7dc7d7241cf62bb
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
|
8ec2bed833a6210d2e5b02e8cefb5c7e7da73610 |
|
19-May-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Use consistent name for KeyPairGeneratorSpi." into mnc-dev
|
e21f0231765492718f1284442136c2ae45e6dd93 |
|
19-May-2015 |
Alex Klyubin <klyubin@google.com> |
Use consistent name for KeyPairGeneratorSpi. This renames AndroidKeyPairGeneratorSpi to AndroidKeyStoreKeyPairGeneratorSpi for consistency with other SPI implementations of AndroidKeyStore provider. Bug: 18088752 Change-Id: Iea1c4d35987b3e64f92dd1706273ffb75a6addd6
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
|
2cd7673d6e4428338d0b75953a634df552eb08e2 |
|
18-May-2015 |
Alex Klyubin <klyubin@google.com> |
Switch from getSpi to getCurrentSpi. Crypto primitives' getSpi has a side-effect which modifies the state of the primitive: it selects an SPI implementation if it hasn't been selected yet (e.g., Cipher.getInstance("AES") doesn't select an SPI implementation until Cipher.init). The new method getCurrentSpi has no side-effects: it simply returns null if no SPI implementation is selected. The switch to getCurrentSpi lets us avoid side-effects and throw a more pertinent exception when no SPI is yet selected. (cherry-picked from bdc1382ac575a06c98cab69117700e081c90c595) Bug: 18088752 Change-Id: Ib369c7e988329315075aa4e18f720d86f3d96a93
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
|
dcdaf87ed0aa99073638bcfe645949f130f0c7ad |
|
14-May-2015 |
Alex Klyubin <klyubin@google.com> |
Move Android Keystore impl to android.security.keystore. This moves the non-public API classes backing Android Keystore from android.security to android.security.keystore, a package specially created for Android Keystore. Bug: 18088752 Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreProvider.java
|