Cross Reference: /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStorePublicKey.java

History log of /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStorePublicKey.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
3876b1be27e3aefde9a72eb2e4f856e94fc5f946	09-Sep-2015	Alex Klyubin <klyubin@google.com>	Support cross-UID access from AndroidKeyStore. This is meant for exposing the pre-existing cross-UID access to keys backed by the keystore service via higher-level JCA API. For example, this lets system_server use Wi-Fi or VPN UID keys via JCA API. To obtain a JCA AndroidKeyStore KeyStore for another UID, use the hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid). To generate a key owned by another UID, invoke setUid(uid) on KeyGenParameterSpec.Builder. This CL does not change the security policy, such as which UID can access/modify which UIDs' keys. The policy is that only certain system UIDs are permitted to access keys of certain other system UIDs. Bug: 23978113 Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStorePublicKey.java
4a0ff7ca984d29bd34b02e54441957cad65e8b53	09-Jun-2015	Alex Klyubin <klyubin@google.com>	Android Keystore keys are no longer backed by Conscrypt. This switches Android Keystore asymmetric keys from being backed by Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE which talks to keystore via the old KeyStore API) to being backed by the AndroidKeyStore Provider which talks to keystore via the new KeyStore API. In effect, this switches asymmetric crypto offered by Android Keystore from old Keystore API to new KeyStore API, enabling all the new features such as enforcement of authorizations on key use. Some algorithms offered by Android Keystore, such as RSA with OAEP or PSS padding schemes, are not supported by other providers. This complicates matters because Android Keystore only supports public key operations if the corresponding private key is in the keystore. Thus, Android Keystore can only offer these operations for its own public keys only. This requires AndroidKeyStore to use its own subclasses of PublicKey everywhere. The ugliest place is where it needs to return its own subclass of X509Certificate only to be able to return its own subclass of PublicKey from Certificate.getPublicKey(). Bug: 18088752 Bug: 19284418 Bug: 20912868 Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64 /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStorePublicKey.java
4f389fd200fee9e055d3f28b20bee3132329a056	29-May-2015	Alex Klyubin <klyubin@google.com>	Expose RSA Cipher from Android Keystore Provider. The RSA Cipher supports OAEPPadding, PKCS1Padding and NoPadding padding schemes. Bug: 18088752 Bug: 20912868 Change-Id: Ie050e12705bb553a402760a1d253fdb2247a1d50 /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStorePublicKey.java