067042f6d7be14cb0f01388c41af597caf8e60fe |
|
03-Feb-2016 |
Shawn Willden <swillden@google.com> |
Fix various memory errors. Bug: 26910835 Change-Id: I2973221a798b08bbde6dc7ac5464a99b2dc26b4d
/system/security/keystore/include/keystore/IKeystoreService.h
|
b3bb39218888c573c1b341d3ee11516b9ad2d3b4 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Merge changes from topic \'km_tag_allow_on_body\' am: a1433ee2f8 am: e30ca16ae0 * commit 'e30ca16ae0e41375201de9132866f5680a5d7baa': Add KM_TAG_ALLOW_WHILE_ON_BODY Add attestation support to keystore.
|
50eb1b2f89ca455b2e9caa635bfe0b5ed94b416a |
|
21-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add attestation support to keystore. Bug: 22914603 Change-Id: I14fbfbe30b96c5c29278fa548e06b65f15942fe2
/system/security/keystore/include/keystore/IKeystoreService.h
|
ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e |
|
09-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow uid to be passed for more operations This expands get, getmtime, exportKey, getKeyCharacteristcs and begin to accept a uid to run as. This is only for system to use keys owned by Wifi and VPN, and not something that can be used to do operations as another arbitrary application. Bug: 23978113 Change-Id: If076d61b0cc9d55e96272e49a58938c3961e2dda
/system/security/keystore/include/keystore/IKeystoreService.h
|
b2d68d151b68153f92fc9e615ad164e3ce873fb6 |
|
03-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
resolved conflicts for merge of 57e106dc to mnc-dev-plus-aosp Change-Id: I7d753e87c43945a1a02bfa2d62000ffb96aea858
|
57e106dc183744cdc05c62bea11bc285b3346846 |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Track keymaster method changes Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/include/keystore/IKeystoreService.h
|
8cfb8ac6e9bd291e9d861a32de2719e3bc797191 |
|
29-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add optional additional entropy to finish If provided the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED. Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/include/keystore/IKeystoreService.h
|
e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state. (cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9) Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h
|
c0f031a867a6c3fa05732fcd72bd284d56073cf8 |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods. (cherry-picked from commit fd777e7111ce01c672706867302db08371e5afce) Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h
|
9443616391a705856b2cad026afb69dc23a346e9 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state. Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h
|
fd777e7111ce01c672706867302db08371e5afce |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods. Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h
|
eecdd12d83b3a602ecbfaee71dd85aa678eb8c99 |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic. Replace password with notifyUserPasswordChanged for password changes, unlock should now be used to unlock keystore instead of calling password with the current password. When the user removes their password now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set. (cherry-picked from commit 96d6d7868303ad87f1f408c40d3c44bcb39f561e) Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h
|
96d6d7868303ad87f1f408c40d3c44bcb39f561e |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic. Replace password with notifyUserPasswordChanged for password changes, unlock should now be used to unlock keystore instead of calling password with the current password. When the user removes their password now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set. Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h
|
96cf1b1ee907696cc4342c1b4992c657d0b6aa33 |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Include operation handle in OperationResult"
|
41efb6a58c7efd63d3493f9095284c74ed363d46 |
|
30-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add authorization binder methods"
|
154d7699cc30ef5156d6497258c4dd350fcb1286 |
|
27-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow entropy to be provided to some operations generateKey and begin can now optionally take an array of bytes to add to the rng entropy of the device before the operation. If entropy is specified and the device does not support add_rng_entropy or the call fails then that device will not be used, leading to fallback or error depending on the situation. Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/system/security/keystore/include/keystore/IKeystoreService.h
|
d663442b590b59250062335cc057478001b8e439 |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Make client/app ids objects in the binder API Previously a null client/app id was translated into a blob with length=0, data=NULL, but this was a bit janky and required null ids to be set on key creation/import. Change-Id: I27607a50f4dc5a898625b569f5293369f0039eba
/system/security/keystore/include/keystore/IKeystoreService.h
|
2ed2baa7de690b09430b40625e6b18d10757a2fd |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add authorization binder methods Add methods for sending an auth token to keystore and to query the authorization state of a given operation. These methods are currently stubs until authorization is implemented. Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
/system/security/keystore/include/keystore/IKeystoreService.h
|
c3a1856bbe2e39d5b3430f5f088b12fd710a159f |
|
18-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Include operation handle in OperationResult Some authorization code needs to know the actual underlying operation handle, not simply a reference to it, so return it in case it is needed. Note that the handle cannot be used by the application to reference an operation. Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
/system/security/keystore/include/keystore/IKeystoreService.h
|
40a1a9b306d4e3c85b24f80ff39841507cf42357 |
|
20-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 crypto operations Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/include/keystore/IKeystoreService.h
|
9899d6b392e8223c3c00bfccadd43b18cdc96b4f |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 1.0 binder methods Add all the serialization required for the new keystore binder API to support keymaster 1.0. The keystore methods themselves are left as stubs, will be filled in in later commits. Change-Id: Ibb5855dba879ae35c375c087c54d1bcdca53163f
/system/security/keystore/include/keystore/IKeystoreService.h
|
6266c9670154d33488c2d31d1715b2a35f5e631b |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Revert "Add Keymaster 0.4 binder methods" This reverts commit c5b1ae13eca39a1f63cc690369d1eee445d3c399. Change-Id: Ib46a54493c332811c0aa84aa7c1cf12938daedbe
/system/security/keystore/include/keystore/IKeystoreService.h
|
c5b1ae13eca39a1f63cc690369d1eee445d3c399 |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 0.4 binder methods Add all the serialization required for the new keystore binder API to support keymaster 0.4. The keystore methods themselves are left as stubs, will be filled in in later commits. Change-Id: I52f36c92f6398c71b0ec6b4c8afbffbd226e0afe
/system/security/keystore/include/keystore/IKeystoreService.h
|
4e865753346fc6a075966972a7a98051818859db |
|
19-Aug-2014 |
Robin Lee <rgl@google.com> |
APIs for syncing password between profiles Bug: 16233206. Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/system/security/keystore/include/keystore/IKeystoreService.h
|
1b0e3933900c7ea21189704d5db64e7346aee7af |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. Bug: 10600582 Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/include/keystore/IKeystoreService.h
|
96427baf0094d50047049d329b0779c3c910402c |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types (cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d) Bug: 10600582 Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/include/keystore/IKeystoreService.h
|
0c540aad5915e6aa34345049be96f28b64d0e84c |
|
03-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs start to make less sense since the thing it's encrypting is usually a token and not any raw key material. Bug: 8122243 Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
/system/security/keystore/include/keystore/IKeystoreService.h
|
2ecc7a1efbb21d86d38b9e0348dfbf0e1213d920 |
|
02-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: command to clear all keys for UID Add ability for system UID to clear all entries for a different UID. (cherry picked from commit a9bb549868035e05450a9b918f8d7de9deca5343) Bug: 3020069 Change-Id: Ibd5ce287f024b89df3dd7bfc3a4e5f979a34c75c
/system/security/keystore/include/keystore/IKeystoreService.h
|
4306123e81371bd8bd85f77c2375d29ac53ff771 |
|
29-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add API to query storage type Add an API to query the HAL to see what kind of storage it reports the device is. (cherry picked from commit 8ddf35a6e1fd80a7d0685041d2bfc77078277c9d) Change-Id: I04a9421053a0b8bbe4f0dd73fefdfdbe4ab4add9
/system/security/keystore/include/keystore/IKeystoreService.h
|
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf |
|
21-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: change migrate to duplicate After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model. Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/include/keystore/IKeystoreService.h
|
0225407783ee339164a0cd8ca5ef04c99d27c59a |
|
20-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add "migrate" command To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration. Bug: 8122243 Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/include/keystore/IKeystoreService.h
|
b88c3eb96625513df4cc998d739d17266ebaf89f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: add UID to certain APIs This will allow explicit indication of which UID to put things under for trusted UIDs (e.g., system UID) in a future change instead of putting things only in the calling UID. Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/include/keystore/IKeystoreService.h
|
07438c8d7256d3788dac323b4d0055f201e0bec9 |
|
02-Nov-2012 |
Kenny Root <kroot@google.com> |
Switch keystore to binder Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/include/keystore/IKeystoreService.h
|