89c52f16ecea4ebf08d6b3c863e0848438bac23d |
|
28-Jan-2016 |
Shawn Willden <swillden@google.com> |
Merge "Update Keystore to use keymaster2 HAL." am: fd50293cd5 am: f647e0a994 * commit 'f647e0a99492d21825e891c53b9a05fed04dbb9c': Update Keystore to use keymaster2 HAL.
|
c1d1feee514e6138e1ed8ff924f5453ba8e1408a |
|
27-Jan-2016 |
Shawn Willden <swillden@google.com> |
Refactor keystore. This CL isn't nearly as big as it looks. It doesn't change keystore functionality, it just moves all of the classes out of the former keystore.cpp into their own .h and .cpp files. Note that this is a cherry-pick from: https://android-review.googlesource.com/#/c/194971 Change-Id: Ide326c4f1d03984994d1bd9a76fa68d37da230dc
/system/security/keystore/keystore.cpp
|
715d023c9294cf4860f73c8d83e82c5aa699add6 |
|
21-Jan-2016 |
Shawn Willden <swillden@google.com> |
Update Keystore to use keymaster2 HAL. This CL doesn't wire in any of the new keymaster2 features, it just uses the keymaster2 HAL rather than the keymaster1 HAL. This means that if keymaster1 hardware is found, it is unconditionally wrapped in SoftKeymasterDevice, so keymaster2 functionality can (eventually) be provided. Change-Id: Ica2cb0751e4e0a82c56c36b03f94da54ef62d9a3
/system/security/keystore/keystore.cpp
|
6507c27ab7ea34dd150d7ef9fda41878ed32547c |
|
06-Jan-2016 |
Shawn Willden <swillden@google.com> |
Refactor keystore. This CL isn't nearly as big as it looks. It doesn't change keystore functionality, it just moves all of the classes out of the former keystore.cpp into their own .h and .cpp files. Change-Id: I29a1ce21bff574be56128b32fc417e5a3d3c55fb
/system/security/keystore/keystore.cpp
|
80b09638de3571d2c12aa3d6e3d22682fc431b72 |
|
23-Nov-2015 |
Shawn Willden <swillden@google.com> |
Merge "Limit maximum number of concurrent keystore operations." am: 108a5d34b5 * commit '108a5d34b5ce181dff52906a66862ec084841ec4': Limit maximum number of concurrent keystore operations.
|
447095f2a797e7ffeeda13477498d4dda0a7353a |
|
30-Oct-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. Bug: 25312003 Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
/system/security/keystore/keystore.cpp
|
85978d0c5991cebaec1211d4111fbbcb01f27514 |
|
03-Nov-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. am: ddab0bb513 am: 7335397765 am: d7870f1fea * commit 'd7870f1fea0f7d27dd46153558766088414ec640': Limit maximum number of concurrent keystore operations.
|
d7870f1fea0f7d27dd46153558766088414ec640 |
|
02-Nov-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. am: ddab0bb513 am: 7335397765 * commit '733539776541fa51bddf2d38fb57e556d563d9af': Limit maximum number of concurrent keystore operations.
|
ddab0bb51320af9f277d98a4e36e77ea527503e5 |
|
30-Oct-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. If keystore is allowed to consume all 16 of the keymaster operation table slots, cryptfs may not be able to use keymaster to protect the disk encryption key during a password change. This CL prevents keystore from allowing more than 15 concurrent keystore operations, leaving one available for cryptfs. Bug: 25312003 Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
/system/security/keystore/keystore.cpp
|
f240a412a5ecb9dd104bf8a274d16f1683c2bcd1 |
|
12-Oct-2015 |
Chad Brubaker <cbrubaker@google.com> |
am bc22f8d6: am 410ba59a: Fix failure to save master key on new profile * commit 'bc22f8d63e2ca24ee4ee9d61258d6704bc78724b': Fix failure to save master key on new profile
|
4ada9a3f62bab66a2e7cd4fc05fb208033412980 |
|
10-Oct-2015 |
Nick Kralevich <nnk@google.com> |
am 549adfa1: am 75ddca24: Merge "keystore: log pid and uid when auditing SE Linux denial" * commit '549adfa1d1be5e0fe7753aa8a7fa8c57ecf1bac2': keystore: log pid and uid when auditing SE Linux denial
|
549adfa1d1be5e0fe7753aa8a7fa8c57ecf1bac2 |
|
10-Oct-2015 |
Nick Kralevich <nnk@google.com> |
am 75ddca24: Merge "keystore: log pid and uid when auditing SE Linux denial" * commit '75ddca240244626f8af999fa7fb64d500efa4938': keystore: log pid and uid when auditing SE Linux denial
|
75ddca240244626f8af999fa7fb64d500efa4938 |
|
10-Oct-2015 |
Nick Kralevich <nnk@google.com> |
Merge "keystore: log pid and uid when auditing SE Linux denial"
|
410ba59a76a8feb48ffb5bde3045ac6f76db0c36 |
|
10-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix failure to save master key on new profile New profiles use the master key of the parent user for keystore. Unfortunately copyMasterKey only copies the key from the parent to the user in memory but doesn't save it to disk, causing the child user to be uninitialized after a reboot. Bug: 23889443 (cherry picked from commit 79e0f6440aee69659bc01a0669a329dbaeaf471c) Change-Id: I1f148fde3862d22292dfce217aacdc3f70f9c2ef
/system/security/keystore/keystore.cpp
|
e46b855e51233a33880e35eff9553550dc797754 |
|
02-Oct-2015 |
William Roberts <william.c.roberts@intel.com> |
keystore: log pid and uid when auditing SE Linux denial When debugging SE Linux rules, the pid and uid of the source context are helpful in determining what was involved in generating the policy violation. This information was absent from the keystore logs. To remedy this, we add pid and uid to the logs: avc: denied { exist } for pid=571 uid=1000 ... Change-Id: Ic22128720aa8ac225f26896f9e710783c8ab4f70 Signed-off-by: William Roberts <william.c.roberts@intel.com>
/system/security/keystore/keystore.cpp
|
7a8a436c1dd8a07e1cf718d6a3f59537a7ee6677 |
|
11-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Fix failure to save master key on new profile"
|
79e0f6440aee69659bc01a0669a329dbaeaf471c |
|
10-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix failure to save master key on new profile New profiles use the master key of the parent user for keystore. Unfortunately copyMasterKey only copies the key from the parent to the user in memory but doesn't save it to disk, causing the child user to be uninitialized after a reboot. Bug: 23889443 Change-Id: I73dfa5d8a2ed064762440dca0ee1a0115b291a97
/system/security/keystore/keystore.cpp
|
ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e |
|
09-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow uid to be passed for more operations This expands get, getmtime, exportKey, getKeyCharacteristics and begin to accept a uid to run as. This is only for system to use keys owned by Wifi and VPN, and not something that can be used to do operations as another arbitrary application. Bug: 23978113 Change-Id: If076d61b0cc9d55e96272e49a58938c3961e2dda
/system/security/keystore/keystore.cpp
|
dbb856e278adb2a1dc05e585a54d80b068247c3c |
|
27-Aug-2015 |
Chad Brubaker <cbrubaker@google.com> |
Remove legacy KM_TAG_CREATION_DATETIME KM_TAG_CREATION_DATETIME is never set anywhere else and the computation leads to an unsigned overflow false positive. Change-Id: I7eca6a975ca2f8b199dfcb4871a1e1d6750afc78
/system/security/keystore/keystore.cpp
|
c2120744da8d0612ad54484b314f94e1e6e3a167 |
|
13-Aug-2015 |
Shawn Willden <swillden@google.com> |
Merge "Wrap incomplete keymaster1 implementations with sw keymaster." into mnc-dr-dev
|
54b1e9ad01c8042a449a9237833a335d6be04e83 |
|
12-Aug-2015 |
Chad Brubaker <cbrubaker@google.com> |
Properly check for Blob max length sizeof(mBlob.value) is incorrect because writeBlob pads up to the next AES_BLOCK_SIZE Bug:22802399 Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
/system/security/keystore/keystore.cpp
|
55268b5b037a8c3537602b1073ad624455d3672d |
|
28-Jul-2015 |
Shawn Willden <swillden@google.com> |
Wrap incomplete keymaster1 implementations with sw keymaster. SoftKeymasterDevice can provide software digesting and padding for keymaster1 implementations that don't provide all of the required digests. This CL modifies keymaster to check for such keymaster1 implementations and add a SoftKeymasterDevice wrapper. The SoftKeymasterDevice work necessary to make this function would have required adding an implementation of the keymaster0 API import_keypair in terms of keymaster1 API calls (import_key). Rather than do that, I instead implemented the relevant keystore function directly on the keymaster1 API. This approach is cleaner than adding the same code into the translation layer, and allows removal of the last vestiges of keymaster0 API usage from keystore. Bug: 22529223 Change-Id: Ie4c7bba7943a549f35df3086dccea001edb5bb2b
/system/security/keystore/keystore.cpp
|
803f37f5d1bf75cb6e0d007f7d473645efd19a1d |
|
29-Jul-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix unchecked length in Blob creation Applications can specify arbitrary blobs using insert(), check their length to prevent overflow issues. Bug:22802399 Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
/system/security/keystore/keystore.cpp
|
2de8b75821bd62c90dde78e2ca78bbddfaf7ab19 |
|
23-Jul-2015 |
Shawn Willden <swillden@google.com> |
Add all digests and padding modes to legacy keys Bug: 22556114 Change-Id: I44fda03305ddd50cb4ba3c6f6b24cfd9c2af9659
/system/security/keystore/keystore.cpp
|
a9a17eeca2f5d9d3101a7e0bb136360697b6e2f0 |
|
17-Jul-2015 |
Chad Brubaker <cbrubaker@google.com> |
Mark 0 length files as corrupt Files created by keystore should never be 0 length however a vendor ran into such a case when testing their keymaster and a side effect of how keystore parses files leads to these keys being considered encrypted and ultimately undeletable. Now mark 0 length files as corrupt in readKey and when deleting a key if the key fails to read in because it was corrupt simply rm the file since it is not possible to feed the key blob to keymaster's delete method. Bug: 22561219 Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff
/system/security/keystore/keystore.cpp
|
b913aa5774c96fae83afe3dd1935394f0edcaaa9 |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Abort operation pruning only if it fails to make space." into mnc-dev
|
700c1a35c52798831b8a8d76a042c4650c6d793f |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Abort operation pruning only if it fails to make space. keystore service's begin operation may sometimes encounter a situation where the underlying device's begin operation fails because of too many operations in progress. In that case, keystore attempts to prune the oldest pruneable operation by invoking the underlying device's abort operation. Regardless of whether the abort operation fails, keystore then removes the operation from the list of in-progress prunable operations. The issue is that when the underlying device's abort operation fails, keystore fails the begin operation that caused all this pruning. This is despite the fact that keystore has managed to make space for one more operation. The fix is to fail the begin operation only if the pruning attempt did not make space for a new operation. Bug: 22040842 Change-Id: Id98b2c6690de3cfb2a7b1d3bdd10742cc59ecbfa
/system/security/keystore/keystore.cpp
|
4e88f9be2b3bb3dcea43f338532882681ee77352 |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Don't ignore errors from begin operation. This fixes a bug introduced by 9221bff2f13451ef330135bb32ea96de2a8b09cc which invoked authorization checks after begin operation, while ignoring any errors returned by that operation. This CL restores the correct order: authorization checks are followed by begin operation. Bug: 22039986 Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
/system/security/keystore/keystore.cpp
|
9221bff2f13451ef330135bb32ea96de2a8b09cc |
|
19-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add keymaster authorization policy enforcement to keystore. Bug: 19511945 Change-Id: I76c04e8d3253ba490cedac53bbc75943ec68df1d
/system/security/keystore/keystore.cpp
|
84c14f0957b365fd33534b88b7eec97b287b67b9 |
|
18-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Remove exist check from doLegacySignVerify" into mnc-dev
|
df70517b8d85b30e6ac7001ec68348f07d5129cb |
|
18-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Remove exist check from doLegacySignVerify exist requires the keystore exist permission which callers of sign/verify may not have. Instead log key not found if begin returns ::KEY_NOT_FOUND. Bug: 21658885 Change-Id: I8c42f3a636a248e3fb1f0344bf32667fce57f667
/system/security/keystore/keystore.cpp
|
b2ffa420da26414379b31807eec76ec8c9f3b0a9 |
|
17-Jun-2015 |
Shawn Willden <swillden@google.com> |
Don't check authorizations for pubkey operations. Bug: 21877150 Change-Id: I43dafb66fc3246f4d8e3bf4743fbdcbe072468d1
/system/security/keystore/keystore.cpp
|
773a2ba83309dc531c5a4b61ec0658bd6ee67dab |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Track keymaster method changes Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/keystore.cpp
|
3a7d9e626fa6c0e116c07be912c319aad6e08614 |
|
05-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Rewrite legacy methods in terms of new methods Rewrite generate, import, get_pubkey, sign and verify using the new keymaster 1.0 methods (generateKey, exportKey, and begin/update/finish). This also removed DSA support from generate and import. Change-Id: I6c6baec4aa86325a2b9c171b9883ba5a0b47236e
/system/security/keystore/keystore.cpp
|
3cc40125e8b495e7f0784dad53bb9acdb5b9a8eb |
|
04-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow keymaster 0.3 keys to interop with keymaster 1.0 methods Keymaster 0.3 keys are all valid keymaster 1.0 keys, so allow get to return a keymaster 0.3 when looking for a 1.0 key to allow new methods to work on old keys. Change-Id: I20a32e39769a548224bcca7a42ef967285431c5d
/system/security/keystore/keystore.cpp
|
f82cd5c843faddb89156d331c8d96522878a0524 |
|
04-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add optional additional entropy to finish" into mnc-dev
|
0d33e0babec356b1e69f1f15e8d9fe2ad878762c |
|
29-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add optional additional entropy to finish If provided the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED. (cherry-picked from commit 8cfb8ac6e9bd291e9d861a32de2719e3bc797191) Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/keystore.cpp
|
8c683b98e0b7ed1aa319f727f1d87ba5c410b30b |
|
03-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Use keymaster adapter to support older devices" into mnc-dev
|
57e106dc183744cdc05c62bea11bc285b3346846 |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Track keymaster method changes Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/keystore.cpp
|
bd07a239085228c25898bc6cdece8b1b8758df83 |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use keymaster adapter to support older devices The keymaster adapter wraps the hardware module to allow keystore to call the new keymaster methods on it and continue using old keys created by that device with the new methods. Change-Id: Ica08d81c3707023d378ad5fe6562dc642f58ca90
/system/security/keystore/keystore.cpp
|
8cfb8ac6e9bd291e9d861a32de2719e3bc797191 |
|
29-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add optional additional entropy to finish If provided the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED. Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/keystore.cpp
|
e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state. (cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9) Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/keystore.cpp
|
9bee6bd6335d6e82f8227ba2c268d31361b048fc |
|
15-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Cleanup keystore API"
|
c0f031a867a6c3fa05732fcd72bd284d56073cf8 |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods. (cherry-picked from commit fd777e7111ce01c672706867302db08371e5afce) Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/keystore.cpp
|
72593ee807e89239d98ae08d32c733ecc08203ba |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Refactor uids to user ids where appropriate UserState related methods previously took uid's while the state was based on userId, with the new keystore methods taking userIds start moving everything in that direction. (cherry-picked from commit 4efce0dc62b5b6bf60c192a8c3e14ae341bf1f8b) Change-Id: I075e973e2403575ba67e8e7a8c331a6c6f7e88e4
/system/security/keystore/keystore.cpp
|
8df5438982209eecb04921b0202dc9ad11e9c31d |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix missing ALOG argument Change-Id: If0dca499c884100f296d38bcde7183b186bca44c
/system/security/keystore/keystore.cpp
|
9443616391a705856b2cad026afb69dc23a346e9 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state. Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/keystore.cpp
|
fd777e7111ce01c672706867302db08371e5afce |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods. Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/keystore.cpp
|
4efce0dc62b5b6bf60c192a8c3e14ae341bf1f8b |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Refactor uids to user ids where appropriate UserState related methods previously took uid's while the state was based on userId, with the new keystore methods taking userIds start moving everything in that direction. Change-Id: I075e973e2403575ba67e8e7a8c331a6c6f7e88e4
/system/security/keystore/keystore.cpp
|
eecdd12d83b3a602ecbfaee71dd85aa678eb8c99 |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic. Replace password with notifyUserPasswordChanged for password changes, unlock should now be used to unlock keystore instead of calling password with the current password. When the user removes their password now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set. (cherry-picked from commit 96d6d7868303ad87f1f408c40d3c44bcb39f561e) Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/keystore.cpp
|
96d6d7868303ad87f1f408c40d3c44bcb39f561e |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic. Replace password with notifyUserPasswordChanged for password changes, unlock should now be used to unlock keystore instead of calling password with the current password. When the user removes their password now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set. Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/keystore.cpp
|
b37a52337f001f8a43f7cbb64203dba78560ee6b |
|
01-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix permission check in reset_uid and clear_uid System should be able to call these methods with any targetUid. (cherry picked from commit 01771ae9db7338377317d82e9c7d8dfa2d4299a8) Bug: 20752184 Change-Id: Ieaeb2fa44b979970640abbd91c1d8a84f7c62b1f
/system/security/keystore/keystore.cpp
|
01771ae9db7338377317d82e9c7d8dfa2d4299a8 |
|
01-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix permission check in reset_uid and clear_uid System should be able to call these methods with any targetUid. Bug: 20752184 Change-Id: Ieaeb2fa44b979970640abbd91c1d8a84f7c62b1f
/system/security/keystore/keystore.cpp
|
0400675b20e36b976ec13b63e290e6d5d19bf654 |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Enable SoftKeymasterDevice logging. Bug: 20717652 Change-Id: I2397e5cd906d45515a0b2a5591705f458c1aceb0 (cherry picked from commit 2764f8672d22ccfb4ed588ce567ef093c7d3e013)
/system/security/keystore/keystore.cpp
|
9e5016af70cf40f3f443196133d711e28297cdde |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Enable SoftKeymasterDevice logging. Bug: 20717652 Change-Id: I2397e5cd906d45515a0b2a5591705f458c1aceb0
/system/security/keystore/keystore.cpp
|
9fd05a9a6299e9688c8fcf755516ea254868d187 |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Use SoftKeymasterDevice::keymaster_device rather than casting. Also document that SoftKeymasterDevice should not be freed. Change-Id: I027f137b0ffd474bb4b429691fe87eef6338b723 (cherry picked from commit 47a79ffad8333120870cb613fa4e75990b073026)
/system/security/keystore/keystore.cpp
|
ef572b648ef26b3348fcbd7c75a8d13292bd094b |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Use SoftKeymasterDevice::keymaster_device rather than casting. Also document that SoftKeymasterDevice should not be freed. Change-Id: I027f137b0ffd474bb4b429691fe87eef6338b723
/system/security/keystore/keystore.cpp
|
7169a8470f6539036addf3c960b075af224e83e2 |
|
30-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix addOperationAuthTokenIfNeeded lookup (cherry picked from commit 6b541163b3f3271f48e6ff74d1f1da64c6bb8802) Bug: 20702036 Change-Id: I4caa9f7a6e6e2b05f63b12180a5af65d3a5c0bac
/system/security/keystore/keystore.cpp
|
6b541163b3f3271f48e6ff74d1f1da64c6bb8802 |
|
30-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix addOperationAuthTokenIfNeeded lookup Bug: 20702036 Change-Id: I08038ba0ee9e3a35f6c37ce572df284be728b4a7
/system/security/keystore/keystore.cpp
|
0cf34a249c008743cf2e2371743a89f86aa4b03c |
|
23-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Move auth token checking to begin Auth tokens will now be checked on begin and then used for all subsequent calls for that operation, this means that things like auth timeouts will only be checked on begin, and operation that starts at timeout - .00001 will now be able to be used to completion. One exception to this is keys that use per operation authorization. Begin for these operations must succeed so that the application gets a handle to authorize. For those keys if the application calls update before authorizing the operation the call will fail. For these keys begin will return OP_AUTH_NEEDED so let the caller know more work is needed before using the operation. (cherry picked from commit aebbfc2ba548064e4f537154bab6ec60dfe4115e) Change-Id: I3da4f93a076c0ed2d8630ca8cd1608e9bad2c2ff
/system/security/keystore/keystore.cpp
|
aebbfc2ba548064e4f537154bab6ec60dfe4115e |
|
23-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Move auth token checking to begin Auth tokens will now be checked on begin and then used for all subsequent calls for that operation, this means that things like auth timeouts will only be checked on begin, and operation that starts at timeout - .00001 will now be able to be used to completion. One exception to this is keys that use per operation authorization. Begin for these operations must succeed so that the application gets a handle to authorize. For those keys if the application calls update before authorizing the operation the call will fail. For these keys begin will return OP_AUTH_NEEDED so let the caller know more work is needed before using the operation. Change-Id: I5dda40803e7b2aecac27defc64d6d3f630d3f0d0
/system/security/keystore/keystore.cpp
|
57430977cf7b758a4fe955933e32c5d2d44574b2 |
|
17-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am c598fab3: am d914f657: am 7a4dd551: Merge "Flush the auth token table on resetUid" * commit 'c598fab3ae8e363f84e2d6f41dd6511e27df240f': Flush the auth token table on resetUid
|
bbc7648d285f67b898d24d307b011fb676ba6643 |
|
17-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Flush the auth token table on resetUid This prevents old stale auth tokens from sticking around after clearing. Change-Id: I92e48b6d8cdba92cbc70f718cb45a4d96bd12900
/system/security/keystore/keystore.cpp
|
7e6916b6c6019f0f61a4ef757863ca16693128f5 |
|
15-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am a1581c4e: am 83ee2e7a: am f1b8f6bf: Merge "Refactor permission and state checking" * commit 'a1581c4e1778b31d4fd8cfe9a1219b93d5276df2': Refactor permission and state checking
|
9489b7905acfb27a99dd505364a715f4cf2ab5e6 |
|
14-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Refactor permission and state checking Move the permission checking code to checkBinderPermission and checkBinderPermissionOrSelf target to simplify permission checking code and clean up keystore methods. Also adds checkBinderPermissionAndKeystoreState as a helper method to check the permission and the unlock state of the keystore. Change-Id: I77c94af1593d2a7fd100c79a6364583067ffa559
/system/security/keystore/keystore.cpp
|
87f0b385a188db1df285c0ce820b7e2ab43e1e1c |
|
10-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 8c6319b6: am cf0de02b: am 368a1f93: Merge "Store the key characteristics for operations" * commit '8c6319b69c51102a0fae3baba0585130e278edab': Store the key characteristics for operations
|
ad6514ab7a57504aa3b04bcc383f60940b923710 |
|
09-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Store the key characteristics for operations Instead of storing the key blob and parsing the characteristics out, which some implementations might not support, instead call get characteristics on begin and store that result for subsequent auth calls. Change-Id: I75e39ee28cc440e4ed411b2daaa2744085e1aa12
/system/security/keystore/keystore.cpp
|
eeb99fe1b42c7b4f8298c464cc532994b8531031 |
|
01-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am dbc0be0a: am a6aa6000: am c1e78258: Merge "Add auth token fetching" * commit 'dbc0be0a3efb02221913d03ac7dcf9f3832ac06b': Add auth token fetching
|
a197d3377a1672439023b9509e402a5abeea8e21 |
|
01-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 7fffb19f: am 12ef4ba4: am 8c195ad7: Merge "Implement addAuthToken" * commit '7fffb19f1a0f6da7c051299b6a69504f7078ab20': Implement addAuthToken
|
06801e0a7ccabbe8f22cff29b7edb7c7d02d7692 |
|
01-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add auth token fetching Auth tokens are now fetched from the table in begin update and finish if needed. Begin will not fail on a missing/expired auth token since some authorization requires a valid operation handle. This doesn't yet do any enforcement of the token beyond what the auth token table does, that should happen in the keymaster auth code when it is done. This also includes the key in the operation map since authorization works based off that and not the handle. Change-Id: I62a395b74a925b819f4cde75ae3bfab8b8928cd1
/system/security/keystore/keystore.cpp
|
d80c7b487b2f7f0bf955d0efeaa3db6dcd160639 |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement addAuthToken Change-Id: I7f7647d9a36ea453ec6d62fc84087ca8f76e53dd
/system/security/keystore/keystore.cpp
|
46552e74f266f3998e42d45d2d13eb1b44a7a01c |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 026efd18: am eeb4e1e1: am 96cf1b1e: Merge "Include operation handle in OperationResult" * commit '026efd182ec465169dde8879d2717be580e15846': Include operation handle in OperationResult
|
96cf1b1ee907696cc4342c1b4992c657d0b6aa33 |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Include operation handle in OperationResult"
|
36d1b897161385479d511b3c416dc81058e34221 |
|
30-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 534b1800: am ec129679: am 41efb6a5: Merge "Add authorization binder methods" * commit '534b1800f39b5b72de641cf7f3271bf9cd77ef4d': Add authorization binder methods
|
41efb6a58c7efd63d3493f9095284c74ed363d46 |
|
30-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add authorization binder methods"
|
2a36a4f1d738185619b9aa48260fb34a39d04c37 |
|
28-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 3b8021da: am 56cba306: am 1cee95d5: Merge "Allow entropy to be provided to some operations" * commit '3b8021da70494509b46be903a8624a911e63ae08': Allow entropy to be provided to some operations
|
154d7699cc30ef5156d6497258c4dd350fcb1286 |
|
27-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow entropy to be provided to some operations generateKey and begin can now optionally take an array of bytes to add to the rng entropy of the device before the operation. If entropy is specified and the device does not support add_rng_entropy or the call fails then that device will not be used, leading to fallback or error depending on the situation. Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/system/security/keystore/keystore.cpp
|
bb219bcfcc868cd2a52483e32a5c33412ede83d3 |
|
25-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am f44043da: am d020cf7f: am e3ec7541: Merge "Make client/app ids objects in the binder API" * commit 'f44043daf3ea073823b10f535b237b3ab624a291': Make client/app ids objects in the binder API
|
d663442b590b59250062335cc057478001b8e439 |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Make client/app ids objects in the binder API Previously a null client/app id was translated into a blob with length=0, data=NULL, but this was a bit janky and required null ids to be set on key creation/import. Change-Id: I27607a50f4dc5a898625b569f5293369f0039eba
/system/security/keystore/keystore.cpp
|
2ed2baa7de690b09430b40625e6b18d10757a2fd |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add authorization binder methods Add methods for sending an auth token to keystore and to query the authorization state of a given operation. These methods are currently stubs until authorization is implemented. Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
/system/security/keystore/keystore.cpp
|
c3a1856bbe2e39d5b3430f5f088b12fd710a159f |
|
18-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Include operation handle in OperationResult Some authorization code needs to know the actual underlying operation handle, not simply a reference to it, so return it in case it is needed. Note that the handle cannot be used by the application to reference an operation. Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
/system/security/keystore/keystore.cpp
|
47f8edd24cf93a7e9dda01da82e8a579dc3be3f2 |
|
17-Mar-2015 |
Alex Klyubin <klyubin@google.com> |
am bf9efff8: am 3bfd091a: Merge "Implement keymaster 1.0 crypto operations" * commit 'bf9efff8dc8b9c6b48ca2b487c0f9c4a287733f2': Implement keymaster 1.0 crypto operations
|
e4af5e6bb0a6d393b0e5cac2978366de0a23f3d8 |
|
17-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 6ee02f24: am f394e372: Merge "Implement keymaster 1.0 export_key method" * commit '6ee02f24e40223b51c6e66d0f7d527f9e4f3e622': Implement keymaster 1.0 export_key method
|
944befbec268f0094c3c174156187066737d187d |
|
17-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 86466698: am b4e09c2d: Merge "Implement keymaster 1.0 import_key method" * commit '864666987be48548d1077a2aa780b1cacb950657': Implement keymaster 1.0 import_key method
|
40a1a9b306d4e3c85b24f80ff39841507cf42357 |
|
20-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 crypto operations Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/keystore.cpp
|
07b0cda3b14d16205ce3040d00bc18d15eda5fdc |
|
19-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 export_key method Change-Id: I2a87cb61c340a099cc98d1a2db9e7390fb001b5d
/system/security/keystore/keystore.cpp
|
4c353cb98e52e2ea8f051b517fec064f1d3fa99f |
|
11-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 import_key method Change-Id: I5bc24bc3177c6fc88141a42ed4d6a7a3d42e2c2f
/system/security/keystore/keystore.cpp
|
49185e7f39bcf8c79360a924fc405ebd4c1a70b0 |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 2ca97bcd: am af3e993d: Merge "Implement keymaster 1.0 get_key_characteristics method" * commit '2ca97bcd70bd55a5bf75f1ed8e836bdc876c8c9d': Implement keymaster 1.0 get_key_characteristics method
|
af3e993d459791f77feb66756bc2ac21d46a052a |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Implement keymaster 1.0 get_key_characteristics method"
|
f06a45374c63e11631e124dbb3199dda206e595b |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 48c45fec: am f24ee2bb: Merge "Removed unused variables" * commit '48c45fec70722c0afd9af7e98b868bd0aa952ec8': Removed unused variables
|
db38ca0e0493b97597041cf1032976c46f4a12bd |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Removed unused variables Change-Id: Ie2d46b2a864c9b0e75f4a055f2cc68810c16e763
/system/security/keystore/keystore.cpp
|
9c9cb2f32cc9e78a647411aae8bc24dfb02710ef |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am fc0bc737: am 1bc16e46: Merge "Implement keymaster 1.0 generate_key method" * commit 'fc0bc7374ff769fd069e7fb0f4e4f7643b52916a': Implement keymaster 1.0 generate_key method
|
6cce2c3420458fe7a29da6b6c7e6a246017dac3b |
|
11-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 629d2d27: am f9a96d81: am b0f70423: Merge "Implement keymaster 1.0 add_rng_entropy" * commit '629d2d27f44798e3cf58f4671560ac04c4b59fe7': Implement keymaster 1.0 add_rng_entropy
|
67d2a5029e8c25c5ee448e3bbd245cdcebe6abd3 |
|
11-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Revert "Fix build: Revert "Use keymaster 1.0 softkeymaster"" This reverts commit d48cb24f77c1ddf8034c9aac4f5046f0f0c3f91f. Change-Id: I774a418f30b1f57fbccdb06efe242b0212370f02
/system/security/keystore/keystore.cpp
|
f3f071fc5020fa5255f49e898a7c4a1cbf824a99 |
|
11-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 get_key_characteristics method Change-Id: I02e1ff4ef67f5e3dcd34453ac2a16218961a03bf
/system/security/keystore/keystore.cpp
|
17d68b9520e66226f1c7b2e1b3bd183ac80ca58b |
|
06-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 generate_key method Change-Id: Ib63de5d9ee8da60599af2e644122ac6777720c8c
/system/security/keystore/keystore.cpp
|
d48cb24f77c1ddf8034c9aac4f5046f0f0c3f91f |
|
11-Mar-2015 |
Ed Heyl <edheyl@google.com> |
Fix build: Revert "Use keymaster 1.0 softkeymaster" This reverts commit 919cb2a5a9dabd61cb02eff7a589f9f1f0f793ee.
/system/security/keystore/keystore.cpp
|
a909f80ddbe2174e223cf5266156eb2b9c4a0faf |
|
10-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 0d03a496: am bb196a1b: am 1b0fbce9: Merge "Use keymaster 1.0 softkeymaster" * commit '0d03a496110f58f28a85e4d1e5e8640fcc589c61': Use keymaster 1.0 softkeymaster
|
9c8612c88dc03dc52d85e7a482453e04e7e3e2a2 |
|
09-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 add_rng_entropy Change-Id: Ib027930049dec289b62e45eaa6cad32c03d9556c
/system/security/keystore/keystore.cpp
|
efd601baf982e17c09f581d6a462c0de046acd9a |
|
08-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
resolved conflicts for merge of 41ceb7db to master Change-Id: I72c429dbf30f3313ca12ccee3cceb7ff6e49f719
|
919cb2a5a9dabd61cb02eff7a589f9f1f0f793ee |
|
06-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use keymaster 1.0 softkeymaster This changes the fallback device to the new keymaster 1.0 softkeymaster as well as changes keystore to use keymaster1_device_t's everywhere internally. It is safe to cast a keymaster0_device_t* to a keymaster1_device_t* and access all the keymaster0 methods, but all keymaster 1.0 method calls on the hardware device MUST check that the device version is >= keymaster 1.0. Change-Id: I6a5906da774f774723c14ea71f69b1c1efcc5a33
/system/security/keystore/keystore.cpp
|
9899d6b392e8223c3c00bfccadd43b18cdc96b4f |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 1.0 binder methods Add all the serialization required for the new keystore binder API to support keymaster 1.0. The keystore methods themselves are left as stubs, will be filled in in later commits. Change-Id: Ibb5855dba879ae35c375c087c54d1bcdca53163f
/system/security/keystore/keystore.cpp
|
b060ae059cb9f891af49e93aa0d546b2e5a838a8 |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Revert "Add Keymaster 0.4 binder methods""
|
6266c9670154d33488c2d31d1715b2a35f5e631b |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Revert "Add Keymaster 0.4 binder methods" This reverts commit c5b1ae13eca39a1f63cc690369d1eee445d3c399. Change-Id: Ib46a54493c332811c0aa84aa7c1cf12938daedbe
/system/security/keystore/keystore.cpp
|
cbafa3d3c4cd39118380af2076b6eab12d6beedf |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add Keymaster 0.4 binder methods"
|
80843db63ed6b61c953a1243801117a15c9e8c38 |
|
24-Feb-2015 |
Shawn Willden <swillden@google.com> |
Separate keymaster0 and keymaster1 HALs. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/security/keystore/keystore.cpp
|
a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498a |
|
24-Feb-2015 |
Shawn Willden <swillden@google.com> |
Separate keymaster0 and keymaster1 HALs. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/security/keystore/keystore.cpp
|
c5b1ae13eca39a1f63cc690369d1eee445d3c399 |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 0.4 binder methods Add all the serialization required for the new keystore binder API to support keymaster 0.4. The keystore methods themselves are left as stubs, will be filled in in later commits. Change-Id: I52f36c92f6398c71b0ec6b4c8afbffbd226e0afe
/system/security/keystore/keystore.cpp
|
409350fe9d13f2b663a757e1384084856d279467 |
|
23-Feb-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Initialize the blob struct before using it."
|
7c1eb75a6898452867ca28a4d7fad2d91edca615 |
|
20-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix incorrect keymaster device usage. importKey's fallback code used mDevice instead of mFallbackDevice when falling back to software. Causing a crash. Change-Id: Ic53bdbce9ae0d242ed958323c505cbf91372e421
/system/security/keystore/keystore.cpp
|
1773b442b16098c6d111d6371d4a986a0747992b |
|
20-Feb-2015 |
Alex Klyubin <klyubin@google.com> |
Initialize the blob struct before using it. Bug: 19457895 Change-Id: Ie69cf9c5c8e6707b9e6d4ded5118775496df4bb9
/system/security/keystore/keystore.cpp
|
c3d14005892efde05a7abdb476d7ffcd79fe5ff4 |
|
12-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Use a keystore_device for fallback to softkeymaster"
|
fc18edcdfe2f7774e621030d51338f3216170b97 |
|
13-Jan-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use a keystore_device for fallback to softkeymaster Makes the fallback to the software keymaster code cleaner and removes direct calls to the fallback methods to make changing the implementation easier. Change-Id: I24f91f159744991d25aa3ce0638fc3d16284aeb2
/system/security/keystore/keystore.cpp
|
aaf9802da6cea710e0777abb852724e1825cad63 |
|
25-Jan-2015 |
Elliott Hughes <enh@google.com> |
Include <strings.h> for ffs. No pun intended. Change-Id: I89b2c73af143053223f8116e65456f85f09fb591
/system/security/keystore/keystore.cpp
|
50ad778dc24adbd2cb9c79ed4bf312b9fff17865 |
|
26-Sep-2014 |
Robin Lee <rgl@google.com> |
am 90c47791: Merge "Delete user\'s keys only after keystore reset" into lmp-dev * commit '90c4779146c9ac154fe85cd6a0775f8e1fc29be8': Delete user's keys only after keystore reset
|
90c4779146c9ac154fe85cd6a0775f8e1fc29be8 |
|
26-Sep-2014 |
Robin Lee <rgl@google.com> |
Merge "Delete user's keys only after keystore reset" into lmp-dev
|
4b84fdc21457e16b08dc2738f4744c9ca7f7cc46 |
|
24-Sep-2014 |
Robin Lee <rgl@google.com> |
Delete user's keys only after keystore reset Original behaviour deletes all keys on the device, not just those for the caller. We use the clear_uid routine to call delete_keypair on all known keys instead. Bug: 17403144 Change-Id: If43465ed593153a557b2129968a3adf12d2749cb
/system/security/keystore/keystore.cpp
|
eb819f75ae440b39b441cff73808df5641286139 |
|
26-Sep-2014 |
Kenny Root <kroot@google.com> |
am a39da5a2: Fallback to software keystore on import_key failure * commit 'a39da5a226975f8b75f93de255a21d526ae8d334': Fallback to software keystore on import_key failure
|
a39da5a226975f8b75f93de255a21d526ae8d334 |
|
25-Sep-2014 |
Kenny Root <kroot@google.com> |
Fallback to software keystore on import_key failure This is to allow keymaster HAL 0.3 types to be able to fallback when they don't support DSA or EC keys. Bug: 17576126 Change-Id: I7e1e806e26fb61e2cd033d7d3a2c09560764ca42
/system/security/keystore/keystore.cpp
|
f33c72fcd7b8e599e5d3d096ea3912fa3c53ff07 |
|
12-Sep-2014 |
Kenny Root <kroot@google.com> |
am 31e27468: isEmpty checks all files like reset * commit '31e27468b6d822adbd2aec9219a68c206aa6957c': isEmpty checks all files like reset
|
31e27468b6d822adbd2aec9219a68c206aa6957c |
|
10-Sep-2014 |
Kenny Root <kroot@google.com> |
isEmpty checks all files like reset Since reset deletes all files in a user directory, change isEmpty to also look at all files in the directory. This makes the two symmetric. Bug: 16935053 Change-Id: Id30685203f4b5484d757022ee971f8d877c15263
/system/security/keystore/keystore.cpp
|
9e0c0a784e4c94d7b829b5837bdad10076f06e98 |
|
04-Sep-2014 |
Chih-Hung Hsieh <chh@google.com> |
am f583a75c: Merge "Comment out unused parameter." * commit 'f583a75c0940218c3df0170b514bcba1c992aecf': Comment out unused parameter.
|
a25b2a397fff48dea7bce16af2065e6f5f043956 |
|
03-Sep-2014 |
Chih-Hung Hsieh <chh@google.com> |
Comment out unused parameter. BUG: 17281763 Change-Id: I1881e31893cd2d84389e4b29a4408d58654c20ca
/system/security/keystore/keystore.cpp
|
4e865753346fc6a075966972a7a98051818859db |
|
19-Aug-2014 |
Robin Lee <rgl@google.com> |
APIs for syncing password between profiles Bug: 16233206. Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/system/security/keystore/keystore.cpp
|
b224f0ae07dd86cd7493bd497e1174db52b3782d |
|
12-Aug-2014 |
Robin Lee <rgl@google.com> |
Correct double-convert from uid to userid This was making readMasterKey and writeMasterKey always operate on user 0, because of a double-division - getUserState(*) already takes into account that the argument is a uid. Fixes a number of issues related to multi-user and keystore; works toward fixing bug 16233206. (cherry picked from commit 50122db50bcb6c1aab50ef235c8f9d264b50e97a) Change-Id: Ia1434fd0d076b0c36d383ff7390b17c78d7811b5
/system/security/keystore/keystore.cpp
|
50122db50bcb6c1aab50ef235c8f9d264b50e97a |
|
12-Aug-2014 |
Robin Lee <rgl@google.com> |
Correct double-convert from uid to userid This was making readMasterKey and writeMasterKey always operate on user 0, because of a double-division - getUserState(*) already takes into account that the argument is a uid. Fixes a number of issues related to multi-user and keystore; works toward fixing bug 16233206. Change-Id: Ia1434fd0d076b0c36d383ff7390b17c78d7811b5
/system/security/keystore/keystore.cpp
|
a62474699a202588609d7051e677f23734151900 |
|
01-Aug-2014 |
Kenny Root <kroot@google.com> |
Merge "keystore: allow system to clear keys even while encrypted" into lmp-dev
|
931fac098f2ae35aa1da26ced57962c9a21f95cf |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: fully reset user keystore on request The reset was improperly skipping the .masterkey file which left keystore in a "LOCKED" state next time it was started up. The .masterkey should have been deleted to leave it in the requested "UNINITIALIZED" state next time it started. It looks like some logic was left over to check the UID to see if it matches the current user. Currently there's no way to have a UID in the user directory that doesn't match the current user. (cherry picked from commit a71c9d6bb8b12b38a12fcd18321eb67e3b974be8) Bug: 13886753 Change-Id: Icd3a1a55153a0dd28a26d51a5ae7f6de1a7da043
/system/security/keystore/keystore.cpp
|
007cb236ada4b3d70815f03dd07116a5e187f4dd |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: allow system to clear keys even while encrypted Since we can store keys that are unencrypted, we should allow the clearing of data for apps when the keystore is still in a LOCKED state. Also allow the system user to delete keys since this is necessary for system maintenance when application data is cleared or the application is uninstalled. (cherry picked from commit e17c25459fc0f200134e10a1aaef12fa8f930f04) Bug: 15751553 Change-Id: Id02bc9992bd529e79be7a09d2bce208942d42b84
/system/security/keystore/keystore.cpp
|
cf5a7fc9fbaa8a084fb874ad2d6780c6914cd278 |
|
01-Aug-2014 |
Kenny Root <kroot@google.com> |
Merge "keystore: fully reset user keystore on request"
|
e17c25459fc0f200134e10a1aaef12fa8f930f04 |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: allow system to clear keys even while encrypted Since we can store keys that are unencrypted, we should allow the clearing of data for apps when the keystore is still in a LOCKED state. Also allow the system user to delete keys since this is necessary for system maintenance when application data is cleared or the application is uninstalled. Bug: 15751553 Change-Id: Id02bc9992bd529e79be7a09d2bce208942d42b84
/system/security/keystore/keystore.cpp
|
a71c9d6bb8b12b38a12fcd18321eb67e3b974be8 |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: fully reset user keystore on request The reset was improperly skipping the .masterkey file which left keystore in a "LOCKED" state next time it was started up. The .masterkey should have been deleted to leave it in the requested "UNINITIALIZED" state next time it started. It looks like some logic was left over to check the UID to see if it matches the current user. Currently there's no way to have a UID in the user directory that doesn't match the current user. Bug: 13886753 Change-Id: Icd3a1a55153a0dd28a26d51a5ae7f6de1a7da043
/system/security/keystore/keystore.cpp
|
eaabae9bf8ff0873b0ece2a835f71ee6c6b49437 |
|
30-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add calls for SELinux MAC checks in keystore. Add call to SELinux in the has_permission function call. Add mapping of permission to string used by SELinux. The SELinux rules currently mirror those currently defined in keystore.cpp. Change-Id: I5bfa92bb88f5ed4bf574434abdf28b54eef91a6d
/system/security/keystore/keystore.cpp
|
66dbf67dd65b4808a15ef64f0ffde1275bdd58a9 |
|
30-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Add calls for SELinux MAC checks in keystore." getcon fails if SELinux is disabled. Revert for now until a more appropriate fix is made. This reverts commit 0e542d0b849a42b6641bf64fd87c7076c98b73d1. Bug: 15945719 Change-Id: Ifa24608b374ea3dc8b5569a5cd214db823a00f26
/system/security/keystore/keystore.cpp
|
0e542d0b849a42b6641bf64fd87c7076c98b73d1 |
|
19-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add calls for SELinux MAC checks in keystore. Add call to SELinux in the has_permission function call. Add mapping of permission to string used by SELinux. The SELinux rules currently mirror those currently defined in keystore.cpp. Change-Id: I3893a25c50b24396b4198ec8b949eee045987ae8
/system/security/keystore/keystore.cpp
|
1d448c074a86ef5d05a22fdf1358718976628a86 |
|
21-Nov-2013 |
Kenny Root <kroot@google.com> |
Add support for specifying which key types are supported Change-Id: Ia5a331868ea3e09891c52bbabc2942554253c458
/system/security/keystore/keystore.cpp
|
c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5 |
|
06-Dec-2013 |
haitao fang <haitao.fang@sonymobile.com> |
Fix the Vector erase bug In the Vector traversal and delete operation, we can't move to the next item when we use the erase function. Change-Id: I9accfb7f109f73dcec900b666077120235bf7ef1
/system/security/keystore/keystore.cpp
|
6489e02e134e4779d35c4a340ff68ad445fde133 |
|
02-Dec-2013 |
Matteo Franchin <matteo.franchin@arm.com> |
Use %zu, %td for size_t, ptrdiff_t, respectively. Changing ALOG format strings to %zu (for one size_t integer) and to %td (for a couple of pointer differences). These changes are necessary when compiling for LP64 architectures. Change-Id: I9bb667500af1b82c360f0fc84e50d70bd46cba6e Signed-off-by: Matteo Franchin <matteo.franchin@arm.com>
/system/security/keystore/keystore.cpp
|
72f6fde4563f9e5f2aff8211a54342d752aa7029 |
|
16-Oct-2013 |
Kenny Root <kroot@google.com> |
resolved conflicts for merge of 1a023f89 to klp-dev-plus-aosp Change-Id: I61c3d1ea509adc54b85bb6bb11350b6c466a8608
|
fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbc |
|
15-Oct-2013 |
Kenny Root <kroot@google.com> |
Fix some spots where targetUid was missed Some of the targetUid arguments weren't used where they should have been. Change-Id: Ief5df897440ddfb572feb57026a6057d64c7c09b
/system/security/keystore/keystore.cpp
|
f90361244bacff74988fdcd33bc986e143860b10 |
|
09-Oct-2013 |
Kenny Root <kroot@google.com> |
am ee8068b9: Set encrypted flag when appropriate * commit 'ee8068b9e7bfb2770635062fc9c2035be2142bd8': Set encrypted flag when appropriate
|
ee8068b9e7bfb2770635062fc9c2035be2142bd8 |
|
07-Oct-2013 |
Kenny Root <kroot@google.com> |
Set encrypted flag when appropriate "generate" and "put" were not setting the encrypted flag in the blob written to disk. Add setting the flag whenever appropriate for these functions. Additionally, the master key should always be encrypted. Bug: 11113056 Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
/system/security/keystore/keystore.cpp
|
dc3b74f61eb0aa00bfcc6e2679338d5c7ba4bc97 |
|
11-Sep-2013 |
Kenny Root <kroot@google.com> |
am ace0b422: Merge "Use canonical UniquePtr.h header" * commit 'ace0b4229a8ad6682e4439e3853de923c91628dc': Use canonical UniquePtr.h header
|
26cfc08add3966eca5892e3387cf5ed6dc3068fb |
|
11-Sep-2013 |
Kenny Root <kroot@google.com> |
Use canonical UniquePtr.h header Change-Id: Iab1dc428c2330a07a5944a1cfbb25c8134b11950
/system/security/keystore/keystore.cpp
|
70f16c198320a36bde1c2fe522ce26bd963ec920 |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. (cherry picked from commit 1b0e3933900c7ea21189704d5db64e7346aee7af) Bug: 10600582 Change-Id: I52418ade881d053229dd3c1d0cf438823468b51b
/system/security/keystore/keystore.cpp
|
b4d2e0233f6aeb69d4c2a216830709040e52366e |
|
04-Sep-2013 |
Kenny Root <kroot@google.com> |
Provide fallback for keymaster implementations Some implementations won't support ECDSA or DSA, so provide a fallback for them by using the softkeymaster implementation. This will allow us to universally support ECDSA and DSA on all platforms regardless of HAL version. (cherry picked from commit 17208e0de5a42722901d803118745cca25fd10c1) Bug: 10600582 Change-Id: Ic02102cb2b7f66e2ad3469f4edd9d03c4ae3fdf4
/system/security/keystore/keystore.cpp
|
86b16e8c0d353af97f0411917789308dba417295 |
|
09-Sep-2013 |
Kenny Root <kroot@google.com> |
Move key name creation to common path Bug: 10676015 Change-Id: I781e142217959a8a068844b9cb041282b8ae2a74
/system/security/keystore/keystore.cpp
|
1b0e3933900c7ea21189704d5db64e7346aee7af |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. Bug: 10600582 Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/keystore.cpp
|
17208e0de5a42722901d803118745cca25fd10c1 |
|
04-Sep-2013 |
Kenny Root <kroot@google.com> |
Provide fallback for keymaster implementations Some implementations won't support ECDSA or DSA, so provide a fallback for them by using the softkeymaster implementation. This will allow us to universally support ECDSA and DSA on all platforms regardless of HAL version. Bug: 10600582 Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
/system/security/keystore/keystore.cpp
|
96427baf0094d50047049d329b0779c3c910402c |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types (cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d) Bug: 10600582 Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/keystore.cpp
|
6071179a371fcd4c238375068ffd7d3cedea615d |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types Change-Id: Ibee8d172eeb36f1a2e2ce62f275aea55ada5bcbf
/system/security/keystore/keystore.cpp
|
a77e809ecff5190790906fb7a3c527259c735071 |
|
14-Jun-2013 |
Douglas Leung <douglas@mips.com> |
Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips. Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029 Signed-off-by: Douglas Leung <douglas@mips.com>
/system/security/keystore/keystore.cpp
|
60898896c3f3b2245d10076cac64346c956dbaa5 |
|
17-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix import as other UIDs The targetUid was not being used as the user to store the key as, so it was ending up under the calling UID. This change matches the code for insert and generate now. (cherry picked from commit 360f51f7af191316cd739f229db1c5f7233be063) Bug: 8634328 Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
/system/security/keystore/keystore.cpp
|
f9119d6414f43ef669d64e9e53feb043eda49cf3 |
|
03-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs starts to make less sense since the thing it's encrypting is usually a token and not any raw key material. (cherry picked from commit 0c540aad5915e6aa34345049be96f28b64d0e84c) Bug: 8122243 Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
/system/security/keystore/keystore.cpp
|
5f53124250025d3113c9c598a2f101330144b10c |
|
12-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix bug in clear_uid (cherry picked from commit aae26fc0e58c99ac8e0df69b913523e81fa15d66) Bug: 8566369 Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
/system/security/keystore/keystore.cpp
|
655b958eb2180c7c06889f83f606d23421bf038c |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add multi-user support Split the directories out per-user. Each Android user ID gets its own directory and master key. This gives each user its own locked/unlocked state. Add migration code that converts existing keystores to this scheme. This even migrates keys that used the non-public API, but only for the primary user. The secondary users may have a different lock screen pattern that would no longer work to unlock the master key. Bug: 7249554 Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
/system/security/keystore/keystore.cpp
|
483407eaca108d3717bb49770915d6d95d5d0e0c |
|
05-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix inverted hardware keystore check Check should be that the 'is_software' flag is off. Change-Id: Ic03ef957f6aa62b959b24fe8e4ff202f431aab89
/system/security/keystore/keystore.cpp
|
ff620c25d1af495c74cdeb4e5a652adf6858cf88 |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
Fix CL split and build Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
/system/security/keystore/keystore.cpp
|
cfeae072c96d84f286ddbf0aff8055c12c7c4f15 |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix upgrades During an upgrade, a blob would be written out to disk. Whenever a blob is written to disk, it is encrypted in-place. After upgrade, keystore would attempt to use the blob, but get garbage instead of what it expected since it was encrypted. This moves the work of writing up a level so it can then re-read the blob after upgrade. Bug: 7249554 Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
/system/security/keystore/keystore.cpp
|
a9bb549868035e05450a9b918f8d7de9deca5343 |
|
02-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: command to clear all keys for UID Add ability for system UID to clear all entries for a different UID. Bug: 3020069 Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
/system/security/keystore/keystore.cpp
|
8ddf35a6e1fd80a7d0685041d2bfc77078277c9d |
|
29-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add API to query storage type Add an API to query the HAL to see what kind of storage it reports the device is. Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca
/system/security/keystore/keystore.cpp
|
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf |
|
21-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: change migrate to duplicate After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model. Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/keystore.cpp
|
0225407783ee339164a0cd8ca5ef04c99d27c59a |
|
20-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add "migrate" command To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration. Bug: 8122243 Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/keystore.cpp
|
494689083467ec372a58f094f041c8f102f39393 |
|
19-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: allow system UID to WiFi or VPN Previously we redirected all calls from the wifi or vpn UIDs to the system UID's namespace. This switches the paradigm to allow system to write into wifi and vpn UID keystore spaces instead. Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
/system/security/keystore/keystore.cpp
|
9d45d1caba5135e6b8bd6d05d449e8dcf52b6802 |
|
14-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: Check for unlock, not for specific state Most callers only care if the keystore is unlocked for use and not whether it's in a specific state. Change this now so we can change the states later. Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
/system/security/keystore/keystore.cpp
|
b88c3eb96625513df4cc998d739d17266ebaf89f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: add UID to certain APIs This will allow explicit indication of which UID to put things under for trusted UIDs (e.g., system UID) in a future change instead of putting things only in the calling UID. Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/keystore.cpp
|
d38a0b07a3104fcb1e747a0fa06641dee8fc058f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: rename uid to callingUid Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
/system/security/keystore/keystore.cpp
|
70c9889c5ca912e7c492580e1999f18ab65b267b |
|
07-Feb-2013 |
Kenny Root <kroot@google.com> |
Remove Value and ValueString classes This was left-over from previous changes and nothing really used it any more. Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26
/system/security/keystore/keystore.cpp
|
36a9e231e03734cd2143383d26388455c1764e17 |
|
04-Feb-2013 |
Kenny Root <kroot@google.com> |
Fix mtime via Binder Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f
/system/security/keystore/keystore.cpp
|
5281edbc9445065479e92a6c86da462f3943c2ca |
|
22-Nov-2012 |
Kenny Root <kroot@google.com> |
Actually terminate on EOF Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4
/system/security/keystore/keystore.cpp
|
150ca934edb745de3666a6492b039900df228ff0 |
|
14-Nov-2012 |
Kenny Root <kroot@google.com> |
EINTR handling and debugging for error cases Some interruptible syscalls were not wrapped with TEMP_FAILURE_RETRY while others were. Add them where necessary. Additionally, some error cases were not logging any messages so things would mysteriously fail if there was an underlying filesystem problem. Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
/system/security/keystore/keystore.cpp
|
07438c8d7256d3788dac323b4d0055f201e0bec9 |
|
02-Nov-2012 |
Kenny Root <kroot@google.com> |
Switch keystore to binder Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/keystore.cpp
|
c3cb851b5028011d7bdd0afbfbd7d9d62c2d8997 |
|
14-Sep-2012 |
Pavel Chupin <pavel.v.chupin@intel.com> |
Add casts to avoid build warnings with gcc-4.7 Example: keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]' from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}' Change-Id: I8cd239880821724050d1716b78851807e0246ef2 Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
/system/security/keystore/keystore.cpp
|
344e0bc23ca46b9acec97ac8bcd87949bde0ccab |
|
15-Aug-2012 |
Kenny Root <kroot@google.com> |
Add getmtime command for keys This allows you to check when a key was last modified. Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d
/system/security/keystore/keystore.cpp
|
9a53d3eaf42104ddf02feeccec3cf7f5c1a34bae |
|
14-Aug-2012 |
Kenny Root <kroot@google.com> |
keymaster HAL users don't need delete_keypair The keymaster HAL implementations don't need the delete_keypair method, but keystore currently throws an error when it's not implemented. This causes problems with at least the OpenSSL software implementation. Bug: 6985351 Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8
/system/security/keystore/keystore.cpp
|
a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1 |
|
17-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Handle keynames with special characters such as - and . Bug: http://code.google.com/p/android/issues/detail?id=34577 Bug: 6837950 (cherry-picked from 0114bd9f9bbc2458ca77bf3508e7c15992a432b1) Change-Id: I0c265fe73c1b2c430ffd196a21691264f8f3b555
/system/security/keystore/keystore.cpp
|
e95ce35d10d6e0a7315a57f30d9c88d89880a4e1 |
|
07-Apr-2012 |
Amith Yamasani <yamasani@google.com> |
Allow calls from secondary user Settings app. This is so that Face Unlock can be a valid option for a lockscreen. Otherwise get a PERMISSION_DENIED when uid = 101000. Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e
/system/security/keystore/keystore.cpp
|
da1ed9ab99c00698af64ec655ff668efffe2960d |
|
10-Apr-2012 |
Kenny Root <kroot@google.com> |
Turn on extra compiler checks Turn on the compiler flags -Wall -Wextra -Werror to make sure no compiler warnings are added to the project. Eliminate all unused arguments. Remove unused variables in code. Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c
/system/security/keystore/keystore.cpp
|
822c3a99d930e9299e2fad2fb3e0ff91b119b95a |
|
24-Mar-2012 |
Kenny Root <kroot@google.com> |
Add support for upgrading key types Old key types were not distinguished by the keystore itself. This change takes some of the reserved fields in the old format and changes it to a version number and key type. Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996
/system/security/keystore/keystore.cpp
|
298e7b1b0f9116e2054d594d7538379d86585035 |
|
26-Mar-2012 |
Kenny Root <kroot@google.com> |
Add keymaster delete_all call on reset To allow efficient deletion by hardware keymaster modules, add a direct delete_all call when keystore is reset. This will also probably fix problems where the hardware keymaster gets more keys than keystore knows about and fills up its storage. Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
/system/security/keystore/keystore.cpp
|
70e3a86abd2c412d602a018967c01c177eb6cf4e |
|
16-Feb-2012 |
Kenny Root <kroot@google.com> |
Add keymaster to keystore with soft implementation Add hardware crypto capabilities to keystore. This allows hardware escrow of private key material. There is also an OpenSSL engine that connects to keystore to allow use of the keystore keys from native code built into the platform. This includes a software implementation of keymaster using OpenSSL as the backend. This is just as insecure as the previous solution, but it's needed so devices without hardware support can continue to operate in the new scheme without a lot of compatibility code. Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f
/system/security/keystore/keystore.cpp
|
5187818895c4c5f650a611c40531b1dff7764c18 |
|
13-Mar-2012 |
Kenny Root <kroot@google.com> |
keystore_client shared library Add a libkeystore_client.so library for clients to use. Add const-correctness to the keystore.cpp classes. Increase maximum arguments for future work. Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2
/system/security/keystore/keystore.cpp
|
a91203b08350b2fc7efda5b1eab39e7541476b3a |
|
16-Feb-2012 |
Kenny Root <kroot@google.com> |
Move keystore from frameworks/base Move keystore from frameworks/base at commit 57ff581bd9b16a192a567f84d0e0a5c82d866343 Change-Id: I1e62488d63810f14e40ffb3d192925ff4eeb8906
/system/security/keystore/keystore.cpp
|