e4928a2912297751108c7045ce3343ec63edcc01 |
|
21-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster digest/padding NONE no longer means ANY. This adjusts the public API documentation to no longer say that digest/padding NONE means any digest/padding. This also changes the implementation of legacy key generation and import to explicitly list which digests/paddings the generated/imported key is authorized for. Previously, such keys were simply authorized for digest NONE and padding NONE. Bug: 22556114 Change-Id: Id02d9450a07de16ccb795b76b6de0006dd49dcca
/frameworks/base/keystore/java/android/security/keystore/KeyProperties.java
|
ca7aaeaeee616d9d1d557ee2fb19dd14783be1f0 |
|
06-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Support loading AES keys with authorized digests. Due to a bug, Android Keystore failed to load AES keys authorized for use with one or more digests. This CL fixes this bug. Bug: 22300737 Change-Id: Ia49e27833dddb526565e4dc4977ed1e352e5836b
/frameworks/base/keystore/java/android/security/keystore/KeyProperties.java
|
acb7efd0d6dbde2506bb333e400a281f422df3fc |
|
12-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Document when self-signed certs have invalid signature. This updates the Javadocs of Android Keystore to explain what key authorizations are needed for the self-signed cert create at key generation time to have a valid signature. Bug: 18088752 Bug: 21777596 Change-Id: Id02425133f094a0c5a02e96f4c63aab7175cba5b
/frameworks/base/keystore/java/android/security/keystore/KeyProperties.java
|
dcf3d35f23ba46f17251d4181eee4675691f3380 |
|
11-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Update Javadocs to reflect meaning of digest and padding NONE. This also adds information about what digests and paddings may need to be specified for keys used in TLS/SSL for client or server authentication. Bug: 21777596 Change-Id: Icd495458c38c4f912b21a64ca7aab2c88d76461c
/frameworks/base/keystore/java/android/security/keystore/KeyProperties.java
|
3ceb1a04b44539c2b2c3afec6df487fe128911f2 |
|
06-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Switch Android Keystore key gen and import to new KeyStore API. This makes Android Keystore's asymmetric key generation and import use the new KeyStore API (similar to keymaster 1.0 API). Because the resulting private keys will be used through Conscrypt/keystore-engine which uses the old Keystore API, this CL implements a temporary workaround where all generated and imported keys are authorized for padding NONE and digest NONE, in addition to padding schemes and digests requested by the user of the Android Keystore API. This workaround is needed because keystore-engine uses digest NONE and padding NONE for all its crypto operations. Bug: 18088752 Bug: 20912868 Change-Id: Idc709039d091294265bd000160b5507f13825849
/frameworks/base/keystore/java/android/security/keystore/KeyProperties.java
|
3f8d4d840894468f2be8a5b56ff266cef2d71c50 |
|
13-May-2015 |
Alex Klyubin <klyubin@google.com> |
New AndroidKeyStore API in android.security.keystore. This CL addresses the comments from API Council about Android KeyStore KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter: 1. These abstractions should not take or hold references to Context. 2. The Builders of these abstractions should take all mandatory parameters in their constructors rather than expose them as setters -- only optional paratemers should be exposed via setters. These comments cannot be addressed without deprecation in the already launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of deprecating just the getContext methods and Builder constructors, this CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and KeyStoreParameter as a whole and exposing all of the AndroidKeyStore API in the new package android.security.keystore. This enables this CL to correct all of the accrued design issues with KeyPairGeneratorSpec (e.g., naming of certificate-related methods) and KeyStoreParameter. This also makes the transition to API Level M more clear for existing users of the AndroidKeyStore API. These users will only have to deal with the new always-mandatory parameters (e.g., purposes) and sometimes-mandatory (e.g., digests, block modes, paddings) if they switch to the new API. Prior to this CL they would've had to deal with this if they invoked any of the new methods of KeyPairGeneratorSpec or KeyStoreParameter introduced in API Level M. This CL rips out all the new API introduced into KeyPairGeneratorSpec and KeyStoreParameter classes for Android M, thus reverting these classes to the API launched in L MR1. This is because the new API is now in android.security.keystore.KeyGenParameterSpec and KeyProtection respectively. Bug: 21039983 Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
/frameworks/base/keystore/java/android/security/keystore/KeyProperties.java
|