| 067042f6d7be14cb0f01388c41af597caf8e60fe |
|
03-Feb-2016 |
Shawn Willden <swillden@google.com> |
Fix various memory errors.
Bug: 26910835
Change-Id: I2973221a798b08bbde6dc7ac5464a99b2dc26b4d
/system/security/keystore/include/keystore/IKeystoreService.h
|
| b3bb39218888c573c1b341d3ee11516b9ad2d3b4 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Merge changes from topic \'km_tag_allow_on_body\' am: a1433ee2f8
am: e30ca16ae0
* commit 'e30ca16ae0e41375201de9132866f5680a5d7baa':
Add KM_TAG_ALLOW_WHILE_ON_BODY
Add attestation support to keystore.
|
| 50eb1b2f89ca455b2e9caa635bfe0b5ed94b416a |
|
21-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add attestation support to keystore.
Bug: 22914603
Change-Id: I14fbfbe30b96c5c29278fa548e06b65f15942fe2
/system/security/keystore/include/keystore/IKeystoreService.h
|
| ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e |
|
09-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow uid to be passed for more operations
This expands get, getmtime, exportKey, getKeyCharacteristcs and begin to
accept a uid to run as. This is only for system to use keys owned by
Wifi and VPN, and not something that can be used to do operations as
another arbitrary application.
Bug: 23978113
Change-Id: If076d61b0cc9d55e96272e49a58938c3961e2dda
/system/security/keystore/include/keystore/IKeystoreService.h
|
| b2d68d151b68153f92fc9e615ad164e3ce873fb6 |
|
03-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
resolved conflicts for merge of 57e106dc to mnc-dev-plus-aosp
Change-Id: I7d753e87c43945a1a02bfa2d62000ffb96aea858
|
| 57e106dc183744cdc05c62bea11bc285b3346846 |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Track keymaster method changes
Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 8cfb8ac6e9bd291e9d861a32de2719e3bc797191 |
|
29-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add optional additional entropy to finish
If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.
Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/include/keystore/IKeystoreService.h
|
| e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API
Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate with per user state.
(cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9)
Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h
|
| c0f031a867a6c3fa05732fcd72bd284d56073cf8 |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods
These will handle the logic of Android users being added/removed from
the device instead of the system calling the various reset/sync methods.
(cherry-picked from commit fd777e7111ce01c672706867302db08371e5afce)
Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 9443616391a705856b2cad026afb69dc23a346e9 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API
Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate with per user state.
Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h
|
| fd777e7111ce01c672706867302db08371e5afce |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods
These will handle the logic of Android users being added/removed from
the device instead of the system calling the various reset/sync methods.
Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h
|
| eecdd12d83b3a602ecbfaee71dd85aa678eb8c99 |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic.
Replace password with notifyUserPasswordChanged for password changes,
unlock should now be used to unlock keystore instead of calling password
with the current password.
When the user removes their password now only keystore entries that were
created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.
(cherry-picked from commit 96d6d7868303ad87f1f408c40d3c44bcb39f561e)
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 96d6d7868303ad87f1f408c40d3c44bcb39f561e |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic.
Replace password with notifyUserPasswordChanged for password changes,
unlock should now be used to unlock keystore instead of calling password
with the current password.
When the user removes their password now only keystore entries that were
created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 96cf1b1ee907696cc4342c1b4992c657d0b6aa33 |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Include operation handle in OperationResult"
|
| 41efb6a58c7efd63d3493f9095284c74ed363d46 |
|
30-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add authorization binder methods"
|
| 154d7699cc30ef5156d6497258c4dd350fcb1286 |
|
27-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow entropy to be provided to some operations
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/system/security/keystore/include/keystore/IKeystoreService.h
|
| d663442b590b59250062335cc057478001b8e439 |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Make client/app ids objects in the binder API
Previously a null client/app id was translated into a blob with
length=0, data=NULL, but this was a bit janky and required null ids to
be set on key creation/import.
Change-Id: I27607a50f4dc5a898625b569f5293369f0039eba
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 2ed2baa7de690b09430b40625e6b18d10757a2fd |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add authorization binder methods
Add methods for sending an auth token to keystore and to query the
authorization state of a given operation. These methods are currently
stubs until authorization is implemented.
Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
/system/security/keystore/include/keystore/IKeystoreService.h
|
| c3a1856bbe2e39d5b3430f5f088b12fd710a159f |
|
18-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Include operation handle in OperationResult
Some authorization code needs to know the actual underlying operation
handle, not simply a reference to it, so return it in case it is needed.
Note that the handle cannot be used by the application to reference an
operation.
Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 40a1a9b306d4e3c85b24f80ff39841507cf42357 |
|
20-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 crypto operations
Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 9899d6b392e8223c3c00bfccadd43b18cdc96b4f |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 1.0 binder methods
Add all the serialization required for the new keystore binder API to
support keymaster 1.0. The keystore methods themselves are left as
stubs, will be filled in in later commits.
Change-Id: Ibb5855dba879ae35c375c087c54d1bcdca53163f
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 6266c9670154d33488c2d31d1715b2a35f5e631b |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Revert "Add Keymaster 0.4 binder methods"
This reverts commit c5b1ae13eca39a1f63cc690369d1eee445d3c399.
Change-Id: Ib46a54493c332811c0aa84aa7c1cf12938daedbe
/system/security/keystore/include/keystore/IKeystoreService.h
|
| c5b1ae13eca39a1f63cc690369d1eee445d3c399 |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 0.4 binder methods
Add all the serialization required for the new keystore binder API to
support keymaster 0.4. The keystore methods themselves are left as
stubs, will be filled in in later commits.
Change-Id: I52f36c92f6398c71b0ec6b4c8afbffbd226e0afe
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 4e865753346fc6a075966972a7a98051818859db |
|
19-Aug-2014 |
Robin Lee <rgl@google.com> |
APIs for syncing password between profiles
Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 1b0e3933900c7ea21189704d5db64e7346aee7af |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 96427baf0094d50047049d329b0779c3c910402c |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types
(cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d)
Bug: 10600582
Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 0c540aad5915e6aa34345049be96f28b64d0e84c |
|
03-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 2ecc7a1efbb21d86d38b9e0348dfbf0e1213d920 |
|
02-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: command to clear all keys for UID
Add ability for system UID to clear all entries for a different UID.
(cherry picked from commit a9bb549868035e05450a9b918f8d7de9deca5343)
Bug: 3020069
Change-Id: Ibd5ce287f024b89df3dd7bfc3a4e5f979a34c75c
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 4306123e81371bd8bd85f77c2375d29ac53ff771 |
|
29-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add API to query storage type
Add an API to query the HAL to see what kind of storage it reports the
device is.
(cherry picked from commit 8ddf35a6e1fd80a7d0685041d2bfc77078277c9d)
Change-Id: I04a9421053a0b8bbe4f0dd73fefdfdbe4ab4add9
/system/security/keystore/include/keystore/IKeystoreService.h
|
| d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf |
|
21-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: change migrate to duplicate
After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.
Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 0225407783ee339164a0cd8ca5ef04c99d27c59a |
|
20-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add "migrate" command
To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.
Bug: 8122243
Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/include/keystore/IKeystoreService.h
|
| b88c3eb96625513df4cc998d739d17266ebaf89f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: add UID to certain APIs
This will allow explicit indication of which UID to put things under for
trusted UIDs (e.g., system UID) in a future change instead of putting
things only in the calling UID.
Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/include/keystore/IKeystoreService.h
|
| 07438c8d7256d3788dac323b4d0055f201e0bec9 |
|
02-Nov-2012 |
Kenny Root <kroot@google.com> |
Switch keystore to binder
Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/include/keystore/IKeystoreService.h
|