History log of /frameworks/base/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
Revision Date Author Comments
3876b1be27e3aefde9a72eb2e4f856e94fc5f946 09-Sep-2015 Alex Klyubin <klyubin@google.com> Support cross-UID access from AndroidKeyStore.

This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.

To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).

To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.

This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.

Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
/frameworks/base/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
4a0ff7ca984d29bd34b02e54441957cad65e8b53 09-Jun-2015 Alex Klyubin <klyubin@google.com> Android Keystore keys are no longer backed by Conscrypt.

This switches Android Keystore asymmetric keys from being backed by
Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE
which talks to keystore via the old KeyStore API) to being backed by
the AndroidKeyStore Provider which talks to keystore via the new
KeyStore API. In effect, this switches asymmetric crypto offered by
Android Keystore from old Keystore API to new KeyStore API, enabling
all the new features such as enforcement of authorizations on key use.

Some algorithms offered by Android Keystore, such as RSA with OAEP
or PSS padding schemes, are not supported by other providers. This
complicates matters because Android Keystore only supports public key
operations if the corresponding private key is in the keystore. Thus,
Android Keystore can only offer these operations for its own public
keys. This requires AndroidKeyStore to use its own subclasses of
PublicKey everywhere. The ugliest place is where it needs to return
its own subclass of X509Certificate only to be able to return its
own subclass of PublicKey from Certificate.getPublicKey().

Bug: 18088752
Bug: 19284418
Bug: 20912868
Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64
/frameworks/base/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
4350babc028822e8905190d88a9f5b8c6ffce8ec 08-Jun-2015 Alex Klyubin <klyubin@google.com> Remove deprecated android.security.KeyStore methods.

* delKey -> delete
* getPubkey -> exportKey
* saw -> list

Bug: 18088752
Change-Id: Ifb794f91a42646d67da1340ee16765cbaf255a49
/frameworks/base/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java
dcdaf87ed0aa99073638bcfe645949f130f0c7ad 14-May-2015 Alex Klyubin <klyubin@google.com> Move Android Keystore impl to android.security.keystore.

This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.

Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
/frameworks/base/keystore/tests/src/android/security/keystore/AndroidKeyPairGeneratorTest.java