Cross Reference: /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java

History log of /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
3876b1be27e3aefde9a72eb2e4f856e94fc5f946	09-Sep-2015	Alex Klyubin <klyubin@google.com>	Support cross-UID access from AndroidKeyStore. This is meant for exposing the pre-existing cross-UID access to keys backed by the keystore service via higher-level JCA API. For example, this lets system_server use Wi-Fi or VPN UID keys via JCA API. To obtain a JCA AndroidKeyStore KeyStore for another UID, use the hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid). To generate a key owned by another UID, invoke setUid(uid) on KeyGenParameterSpec.Builder. This CL does not change the security policy, such as which UID can access/modify which UIDs' keys. The policy is that only certain system UIDs are permitted to access keys of certain other system UIDs. Bug: 23978113 Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
3ab1f04004c417397bfac8f061dc187b7b66109d	20-Jul-2015	Alex Klyubin <klyubin@google.com>	Raw RSA Cipher relies on keymaster for padding and range checks. This makes Android Keystore's RSA/ECB/NoPadding Cipher implementation rely on the underlying keystore/keymaster to left-pad the input (if necessary) and to reject invalid input. Prior to this change the Cipher implementation attempted to do it itself, but wasn't doing it right anyway. This fixes a regression where Android Keystore's raw RSA Cipher ("RSA/ECB/NoPadding") refused to encrypt plaintexts of the same length (in bytes) as RSA modulus which were nevertheless numerically smaller than the RSA modulus. Bug: 22599805 Change-Id: I591a8115a574eaf8f6075f29b50d93a87532c5eb /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
25d2270704e246d897596c991a36233cdc620790	25-Jun-2015	Alex Klyubin <klyubin@google.com>	Support RSA encrypt using private key and PKCS#1 paddding. Some apps such as OpenVPN Connect for some reason generate PKCS#1-padded RSA signatures using Cipher (initialized in Cipher.ENCRYPT_MODE with private key!) instead of using Signature. Unfortunately, RI supports this strange behavior and previous releases of Android Keystore did the same. So, we have to continue supporting this craziness. Bug: 22083023 Change-Id: Ife3950d0d4ceb4e44e08014635312c1252878b69 /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
d23dc502b0a1952887d4453cba98aa2e3d2f5009	24-Jun-2015	Alex Klyubin <klyubin@google.com>	Make NONEwithECDSA truncate input when necessary. Keymaster's implementation of ECDSA with digest NONE rejects input longer than group size in bytes. RI's NONEwithECDSA accepts inputs of arbitrary length by truncating them to the above size. This CL makes Android Keystore's NONEwithECDSA do the truncation to keep the JCA and Keymaster happy. The change is inside AndroidKeyStoreECDSASignatureSpi$NONE. All other small modifications are for supporting that change by making it possible for AndroidKeyStoreSignatureSpiBase to pass in the signature being verified into KeyStoreCryptoOperationStreamer. This in turn is needed to make it possible for NONEwithECDSA implementation to provide a wrapper streamer which truncates input. Bug: 22030217 Change-Id: I26064f6df37ef8c631d70a36a356aa0b76a9ad29 /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
ae6cb7aad56bb006769cd8a69b92af7236644fc1	23-Jun-2015	Alex Klyubin <klyubin@google.com>	Keymaster INT, LONG and DATE tag values are unsigned. This CL ensures that Android Keystore framework code complies with signedness of keymaster tags. In particular: * INT tags are unsigned 32-bit numbers, and * LONG and DATE tags are unsigned 64-bit numbers. The ensure compliance, KeymasterArguments and KeyCharacteristics classes through which Android Keystore interacts with Keymaster tags have been modified as follows: * ENUM and INT tags which used to be conflated are now added/queried via separate methods, because ENUM can remain represented as an int data type whereas INT is now represented as a long data type with permitted range being [0; 2^32). * Methods for adding/quering LONG tags have been switched from the long data type to the BigInteger data type and now ensure that the value is in the permitted [0; 2^63). * Methods for adding/querying DATE tags now ensure the Date value is in the permitted range [0; 2^63) ms since Unix epoch. * Methods for adding tags throw an IllegalArgumentException if the tag type is unsuitable for the method. This is to ensure that tags with invalid values cannot be added through similar methods (e.g., INT tag added via an ENUM tag addition method invoked with a negative value). Bug: 22008538 Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
00af27b7d9010eb41e45959dab7c4ff6de119897	02-Jun-2015	Alex Klyubin <klyubin@google.com>	Expose AES GCM backed by Android Keystore. Bug: 18088752 Bug: 21786749 Change-Id: Ica90491037d2920f7635195894ba18882fc4406d /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
a72b55195c23fc06d1600efe8f6aac85290c7f8f	12-Jun-2015	Alex Klyubin <klyubin@google.com>	Obtain entropy later in crypto operations, when possible. This makes Android Keystore crypto operations defer pulling entropy from provided SecureRandom until KeyStore.finish, where appropriate. Such as when performing asymmetric encryption or generating signatures. Bug: 18088752 Change-Id: I4a897754e9a846214cf0995c5514f98cf0edd76b /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
508e665ceaee3e973c17588e8830030662f24b1f	09-Jun-2015	Alex Klyubin <klyubin@google.com>	Support for Android Keystore Cipher.wrap and unwrap. Cipher.wrap and .unwrap are supported by Android Keystore in released versions of Android. The new Android Keystore provider should thus continue supporting these for backward compatibility. Bug: 18088752 Change-Id: I95319b13d5c4e9681f6539016e6449d73f81131d /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
5552c89fa9cb5ac72edbbcb5a71ef14a07f5ea11	04-Jun-2015	Alex Klyubin <klyubin@google.com>	RSA encrypt with private key in Android Keystore. This adds support for RSA encryption using private key and no padding. This mode of operation is needed because JCA does not offer an RSA Signature primitive that does not apply padding. Bug: 18088752 Bug: 20912868 Change-Id: I0b481b4c19916f601aa270fada5eabfb12987e8d /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java
4f389fd200fee9e055d3f28b20bee3132329a056	29-May-2015	Alex Klyubin <klyubin@google.com>	Expose RSA Cipher from Android Keystore Provider. The RSA Cipher supports OAEPPadding, PKCS1Padding and NoPadding padding schemes. Bug: 18088752 Bug: 20912868 Change-Id: Ie050e12705bb553a402760a1d253fdb2247a1d50 /frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreRSACipherSpi.java