| c38eae5229a820966008ae1885af90cd27c265e7 |
|
23-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Add option to allow key validity after fingerprint enrollment.""
This reverts commit 512c132f49fc6e8e4fc119f4cf167d33b2393509.
Change-Id: Iac381dfebcfe42f0468569eb2395ebeb97a95887
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| 512c132f49fc6e8e4fc119f4cf167d33b2393509 |
|
22-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Add option to allow key validity after fingerprint enrollment."
This reverts commit ada0fc1b05902b11401094b15480377d1b6c5a35.
Change-Id: I934b6e6af49ab680af726c544f0193dfcb80054e
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| ada0fc1b05902b11401094b15480377d1b6c5a35 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add option to allow key validity after fingerprint enrollment.
Bug: 21563854
Change-Id: I4f601e59fbfcd601e6a80ddcbc7b83ced6cc18c8
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| adef49640d6339e6b4a6ad736c5815e35d9b8803 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add support for extending key validity while on body.
Bug: 21563854
Change-Id: I3b622d2af77ec4ac3ba42407fc391112c153ef0f
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| 3876b1be27e3aefde9a72eb2e4f856e94fc5f946 |
|
09-Sep-2015 |
Alex Klyubin <klyubin@google.com> |
Support cross-UID access from AndroidKeyStore.
This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.
To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).
To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.
This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.
Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| 6f2eb6d7a642b842976f5eeac2733b6f7e128711 |
|
14-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Fix Android Keystore key factories to obey JCA contract.
Android Keystore provider's KeyFactory and SecretKeyFactory
implementations were throwing UnsupportedOperationException instead of
InvalidKeyException/InvalidKeySpecException from their
translateKey/generateKey methods.
Bug: 22459811
Change-Id: I6d5a5dc1bed724e858ad324d558b7480b9b848da
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| ae6cb7aad56bb006769cd8a69b92af7236644fc1 |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster INT, LONG and DATE tag values are unsigned.
This CL ensures that Android Keystore framework code complies with
signedness of keymaster tags. In particular:
* INT tags are unsigned 32-bit numbers, and
* LONG and DATE tags are unsigned 64-bit numbers.
The ensure compliance, KeymasterArguments and KeyCharacteristics
classes through which Android Keystore interacts with Keymaster tags
have been modified as follows:
* ENUM and INT tags which used to be conflated are now added/queried
via separate methods, because ENUM can remain represented as an int
data type whereas INT is now represented as a long data type with
permitted range being [0; 2^32).
* Methods for adding/quering LONG tags have been switched from the long
data type to the BigInteger data type and now ensure that the value
is in the permitted [0; 2^63).
* Methods for adding/querying DATE tags now ensure the Date value is
in the permitted range [0; 2^63) ms since Unix epoch.
* Methods for adding tags throw an IllegalArgumentException if the tag
type is unsuitable for the method. This is to ensure that tags with
invalid values cannot be added through similar methods (e.g., INT tag
added via an ENUM tag addition method invoked with a negative value).
Bug: 22008538
Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| d6c7799b9a8b00d160a1d2d32c7326132cbc7b7b |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster key validity dates are optional.
This CL makes Android Keystore framework code add
KM_TAG_ACTIVE_DATETIME, KM_TAG_ORIGINATION_EXPIRE_DATETIME, and
KM_TAG_USAGE_EXPIRE_DATETIME tags to the authorizations set only
if the corresponding time instants were specified through the
framework-level API. This is fine because these tags are optional as
it turns out.
Bug: 18088752
Change-Id: I6a5ae4cadb441e61576231815e6bec6e9248bc72
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| 97a27a73e6c5f5800303596ceebf314d90429d35 |
|
04-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Export KeyFactory backed by Android Keystore.
The KeyFactory can be used to obtain information (KeyInfo) about
Android Keystore private keys.
Bug: 18088752
Change-Id: Ied1a69928f391537de6765cef7dc7d7241cf62bb
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|
| dcdaf87ed0aa99073638bcfe645949f130f0c7ad |
|
14-May-2015 |
Alex Klyubin <klyubin@google.com> |
Move Android Keystore impl to android.security.keystore.
This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.
Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
/frameworks/base/keystore/java/android/security/keystore/AndroidKeyStoreSecretKeyFactorySpi.java
|