a95550f8016bbb0dba086dbd73eec63e6cdbbe98 |
|
17-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Add KM_MIN_MAC_LENGTH tag to HMAC and AES-GCM keys. This makes Android Keystore add the KM_MIN_MAC_LENGTH tag to generated and imported HMAC and AES-GCM keys. This tag specifies the minimum length of the MAC/authentication tag authorized to be used for the key. For HMAC keys the minimum MAC length is set to the length of the digest associated with the key (HMAC keys are authorized for exactly one digest). For AES keys the minimum authetication tag length is set to 96 bit. This is the minimum supported by Android Keystore's AES-GCM implementation. Bug: 22337277 Change-Id: Ic6e47cf084734d1592788dc58088889f7fff74eb
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
|
5c38e7918aea36ee8f516793d5641b05a8de710e |
|
08-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Reject AlgorithmParameters of wrong type. This makes Android Keystore Cipher implementations reject rather than ignore AlgorithmParameters of wrong algorithm type. The danger in not doing so is that a Cipher will produce output that does not actually depend on the provided AlgorithmParameters. Bug: 22330716 Change-Id: Ifa9de2c74f2fe4b738a3731c895059dddd075a13
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
|
d23dc502b0a1952887d4453cba98aa2e3d2f5009 |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Make NONEwithECDSA truncate input when necessary. Keymaster's implementation of ECDSA with digest NONE rejects input longer than group size in bytes. RI's NONEwithECDSA accepts inputs of arbitrary length by truncating them to the above size. This CL makes Android Keystore's NONEwithECDSA do the truncation to keep the JCA and Keymaster happy. The change is inside AndroidKeyStoreECDSASignatureSpi$NONE. All other small modifications are for supporting that change by making it possible for AndroidKeyStoreSignatureSpiBase to pass in the signature being verified into KeyStoreCryptoOperationStreamer. This in turn is needed to make it possible for NONEwithECDSA implementation to provide a wrapper streamer which truncates input. Bug: 22030217 Change-Id: I26064f6df37ef8c631d70a36a356aa0b76a9ad29
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
|
ae6cb7aad56bb006769cd8a69b92af7236644fc1 |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster INT, LONG and DATE tag values are unsigned. This CL ensures that Android Keystore framework code complies with signedness of keymaster tags. In particular: * INT tags are unsigned 32-bit numbers, and * LONG and DATE tags are unsigned 64-bit numbers. The ensure compliance, KeymasterArguments and KeyCharacteristics classes through which Android Keystore interacts with Keymaster tags have been modified as follows: * ENUM and INT tags which used to be conflated are now added/queried via separate methods, because ENUM can remain represented as an int data type whereas INT is now represented as a long data type with permitted range being [0; 2^32). * Methods for adding/quering LONG tags have been switched from the long data type to the BigInteger data type and now ensure that the value is in the permitted [0; 2^63). * Methods for adding/querying DATE tags now ensure the Date value is in the permitted range [0; 2^63) ms since Unix epoch. * Methods for adding tags throw an IllegalArgumentException if the tag type is unsuitable for the method. This is to ensure that tags with invalid values cannot be added through similar methods (e.g., INT tag added via an ENUM tag addition method invoked with a negative value). Bug: 22008538 Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
|
00af27b7d9010eb41e45959dab7c4ff6de119897 |
|
02-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Expose AES GCM backed by Android Keystore. Bug: 18088752 Bug: 21786749 Change-Id: Ica90491037d2920f7635195894ba18882fc4406d
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreAuthenticatedAESCipherSpi.java
|