e4487ea288e9fea837995d9bc4608c8a4a253ec8 |
|
29-Feb-2016 |
Robin Lee <rgl@google.com> |
More sensible return code for Credentials.deleteAll Was: result = True iff nDeleted != 0 Now: result = True iff nDeleted == nExisted The most common reason you'd want to delete all credentials under an alias is to be sure they no longer exist. The new contract gives a way to do this without multiple IPCs to the same service. Bug: 27335182 Change-Id: I8762b9b4fcc48037387dd805dbd0dbbe141d5b24
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
c38eae5229a820966008ae1885af90cd27c265e7 |
|
23-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Add option to allow key validity after fingerprint enrollment."" This reverts commit 512c132f49fc6e8e4fc119f4cf167d33b2393509. Change-Id: Iac381dfebcfe42f0468569eb2395ebeb97a95887
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
512c132f49fc6e8e4fc119f4cf167d33b2393509 |
|
22-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Add option to allow key validity after fingerprint enrollment." This reverts commit ada0fc1b05902b11401094b15480377d1b6c5a35. Change-Id: I934b6e6af49ab680af726c544f0193dfcb80054e
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
ada0fc1b05902b11401094b15480377d1b6c5a35 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add option to allow key validity after fingerprint enrollment. Bug: 21563854 Change-Id: I4f601e59fbfcd601e6a80ddcbc7b83ced6cc18c8
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
adef49640d6339e6b4a6ad736c5815e35d9b8803 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add support for extending key validity while on body. Bug: 21563854 Change-Id: I3b622d2af77ec4ac3ba42407fc391112c153ef0f
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
3876b1be27e3aefde9a72eb2e4f856e94fc5f946 |
|
09-Sep-2015 |
Alex Klyubin <klyubin@google.com> |
Support cross-UID access from AndroidKeyStore. This is meant for exposing the pre-existing cross-UID access to keys backed by the keystore service via higher-level JCA API. For example, this lets system_server use Wi-Fi or VPN UID keys via JCA API. To obtain a JCA AndroidKeyStore KeyStore for another UID, use the hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid). To generate a key owned by another UID, invoke setUid(uid) on KeyGenParameterSpec.Builder. This CL does not change the security policy, such as which UID can access/modify which UIDs' keys. The policy is that only certain system UIDs are permitted to access keys of certain other system UIDs. Bug: 23978113 Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
e4928a2912297751108c7045ce3343ec63edcc01 |
|
21-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster digest/padding NONE no longer means ANY. This adjusts the public API documentation to no longer say that digest/padding NONE means any digest/padding. This also changes the implementation of legacy key generation and import to explicitly list which digests/paddings the generated/imported key is authorized for. Previously, such keys were simply authorized for digest NONE and padding NONE. Bug: 22556114 Change-Id: Id02d9450a07de16ccb795b76b6de0006dd49dcca
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
a95550f8016bbb0dba086dbd73eec63e6cdbbe98 |
|
17-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Add KM_MIN_MAC_LENGTH tag to HMAC and AES-GCM keys. This makes Android Keystore add the KM_MIN_MAC_LENGTH tag to generated and imported HMAC and AES-GCM keys. This tag specifies the minimum length of the MAC/authentication tag authorized to be used for the key. For HMAC keys the minimum MAC length is set to the length of the digest associated with the key (HMAC keys are authorized for exactly one digest). For AES keys the minimum authetication tag length is set to 96 bit. This is the minimum supported by Android Keystore's AES-GCM implementation. Bug: 22337277 Change-Id: Ic6e47cf084734d1592788dc58088889f7fff74eb
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
c58153b2d7418f44f2b0e397478be808e91decef |
|
08-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
HMAC keys are authorized for exactly one digest. This is in preparation for enforcing the minimum length of MACs which in the case of HMAC keys generated or imported by Android Keystore will be set to the length of the digest for which the key is authorized. Bug: 22337277 Change-Id: I0255d5ba184dabfb6b45d8f32ddadeb84ab7fc19
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
b6e628644a981b8077b3755b9def4550ff4a46a0 |
|
06-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Avoid IllegalStateException when generating/importing keys. This avoids IllegalStateException when generating/importing keys which require user authentication when the system is not configured to generate/import such keys (e.g., secure lock screen not set up). The documentation states that before generating/importing such keys apps should check (using public API) whether the system is in a suitable state. However, some apps are not doing that and instead catching the IllegalStateException thrown during key generation/import. This is a bad practice because this exception is an undocumented implementation detail and should thus not be depended upon. This CL addresses this issue as follows: 1. Key(Pair)Generator.init now throws a checked InvalidAlgorithmParameterException when the system is in a wrong state. Because in most uses of Key(Pair)Generator .init is immediately followed by .generate, this prevents .generate from encountering this state and does so using a checked exception which is part of public API. 2. Key import rethrows the IllegalStateException as a checked KeyStoreException which is meant to be thrown if the key cannot be imported for any reason. Key(Pair)Generator.generate unfortunately cannot throw any checked exceptions and thus has to continue throwing unchecked exceptions. Bug: 22262809 Change-Id: Ic0f7b7a90e0ba63df9139c79b80a8649d2645d2a
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
903d0fb98817dca284a640dbc853c7fcbbdc8313 |
|
26-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Don't offer crypto ops for public keys of trusted cert entries. Android Keystore cannot offer crypto operations for public keys of trusted certificate entries (entries without a private key). Prior to this CL it accidentally tried to do so, causing crypto operations on these keys to fail. The fix is for Android Keystore to offer crypto operations only for public keys for which there is a corresponding private key in the keystore. Crypto operations on public keys from trusted certificate entries will be handled by other installed crypto providers. Those providers don't need a private key to carry out these operations on public keys. Bug: 22091725 Bug: 21835320 Change-Id: Ib7d92b067711e4c57128d0db72c08bf288a45ce1
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
ae6cb7aad56bb006769cd8a69b92af7236644fc1 |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster INT, LONG and DATE tag values are unsigned. This CL ensures that Android Keystore framework code complies with signedness of keymaster tags. In particular: * INT tags are unsigned 32-bit numbers, and * LONG and DATE tags are unsigned 64-bit numbers. The ensure compliance, KeymasterArguments and KeyCharacteristics classes through which Android Keystore interacts with Keymaster tags have been modified as follows: * ENUM and INT tags which used to be conflated are now added/queried via separate methods, because ENUM can remain represented as an int data type whereas INT is now represented as a long data type with permitted range being [0; 2^32). * Methods for adding/quering LONG tags have been switched from the long data type to the BigInteger data type and now ensure that the value is in the permitted [0; 2^63). * Methods for adding/querying DATE tags now ensure the Date value is in the permitted range [0; 2^63) ms since Unix epoch. * Methods for adding tags throw an IllegalArgumentException if the tag type is unsuitable for the method. This is to ensure that tags with invalid values cannot be added through similar methods (e.g., INT tag added via an ENUM tag addition method invoked with a negative value). Bug: 22008538 Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
d6c7799b9a8b00d160a1d2d32c7326132cbc7b7b |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster key validity dates are optional. This CL makes Android Keystore framework code add KM_TAG_ACTIVE_DATETIME, KM_TAG_ORIGINATION_EXPIRE_DATETIME, and KM_TAG_USAGE_EXPIRE_DATETIME tags to the authorizations set only if the corresponding time instants were specified through the framework-level API. This is fine because these tags are optional as it turns out. Bug: 18088752 Change-Id: I6a5ae4cadb441e61576231815e6bec6e9248bc72
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
2e3aaa7dc1c40c0145e8d52422f2fb65799a3a60 |
|
17-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Remove unnecessary PKCS#1 authorization on legacy keys. There is no need to authorize PKCS#1 signature padding scheme when NONE padding scheme is authorized. NONE authorizes the use of any padding scheme. Bug: 18088752 Change-Id: I73ccb373d577c988acde372d972092278923c4e4
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
dcf3d35f23ba46f17251d4181eee4675691f3380 |
|
11-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Update Javadocs to reflect meaning of digest and padding NONE. This also adds information about what digests and paddings may need to be specified for keys used in TLS/SSL for client or server authentication. Bug: 21777596 Change-Id: Icd495458c38c4f912b21a64ca7aab2c88d76461c
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
4a0ff7ca984d29bd34b02e54441957cad65e8b53 |
|
09-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Android Keystore keys are no longer backed by Conscrypt. This switches Android Keystore asymmetric keys from being backed by Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE which talks to keystore via the old KeyStore API) to being backed by the AndroidKeyStore Provider which talks to keystore via the new KeyStore API. In effect, this switches asymmetric crypto offered by Android Keystore from old Keystore API to new KeyStore API, enabling all the new features such as enforcement of authorizations on key use. Some algorithms offered by Android Keystore, such as RSA with OAEP or PSS padding schemes, are not supported by other providers. This complicates matters because Android Keystore only supports public key operations if the corresponding private key is in the keystore. Thus, Android Keystore can only offer these operations for its own public keys only. This requires AndroidKeyStore to use its own subclasses of PublicKey everywhere. The ugliest place is where it needs to return its own subclass of X509Certificate only to be able to return its own subclass of PublicKey from Certificate.getPublicKey(). Bug: 18088752 Bug: 19284418 Bug: 20912868 Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
3ceb1a04b44539c2b2c3afec6df487fe128911f2 |
|
06-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Switch Android Keystore key gen and import to new KeyStore API. This makes Android Keystore's asymmetric key generation and import use the new KeyStore API (similar to keymaster 1.0 API). Because the resulting private keys will be used through Conscrypt/keystore-engine which uses the old Keystore API, this CL implements a temporary workaround where all generated and imported keys are authorized for padding NONE and digest NONE, in addition to padding schemes and digests requested by the user of the Android Keystore API. This workaround is needed because keystore-engine uses digest NONE and padding NONE for all its crypto operations. Bug: 18088752 Bug: 20912868 Change-Id: Idc709039d091294265bd000160b5507f13825849
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
4350babc028822e8905190d88a9f5b8c6ffce8ec |
|
08-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Remove deprecated android.security.KeyStore methods. * delKey -> delete * getPubkey -> exportKey * saw -> list. Bug: 18088752 Change-Id: Ifb794f91a42646d67da1340ee16765cbaf255a49
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
6c03bf523d6b0e4edfade726ed0ee1c49c4d0f69 |
|
04-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Streamline Android Keystore delete entry operation. This ensures that all four entry subtypes are deleted. Bug: 18088752 Change-Id: Ia020dbede562a123c8c81cc9449ba5ab4aac61dd
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
37c8b411cdbbd5139b5a0abf762c24671e12657b |
|
01-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
No need to specify key size when importing. The underlying Keymaster implementation no longer requires that. Bug: 19799085 Change-Id: I6b651bac5d4825b4ed0981a49bb79aedcf79d749
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
96481c3ddc6c58cfcad2a5cb9325ee2b24b0c540 |
|
15-May-2015 |
Alex Klyubin <klyubin@google.com> |
Remove "encrypt at rest" flag from new AndroidKeyStore API. This flag causes issues such as being unable to generate, import, or use keys when the user/profile secure lock screen credential hasn't yet been entered after boot. Bug: 18088752 Change-Id: I992f6dfdc945bcb83e341356a40dfa7d7bc143d8
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|
dcdaf87ed0aa99073638bcfe645949f130f0c7ad |
|
14-May-2015 |
Alex Klyubin <klyubin@google.com> |
Move Android Keystore impl to android.security.keystore. This moves the non-public API classes backing Android Keystore from android.security to android.security.keystore, a package specially created for Android Keystore. Bug: 18088752 Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSpi.java
|