| 9739d48a2101e49b0936096d69c29006f9acdeb5 |
|
21-Jul-2016 |
Shawn Willden <swillden@google.com> |
Fix @link tags in keystore doc
Bug: 30258412
Change-Id: I370a53ebad29ff0471e4b7776cd76b2530efe760
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 26e8d553e52055955db83061c5799ba4439ebe1b |
|
15-Jun-2016 |
Shawn Willden <swillden@google.com> |
Update semantics of on-body Keystore API.
Architectural changes from the Wear team have required changes to the
semantics of the Keystore on-body feature. Although no devices will
actually implement this feature until the release of new Wear devices
with the necessary sensors, we need to get the API documentation right
now.
Bug: 29369151
Change-Id: I857e00928f994a1337313123eae7e00534c53c3c
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 5e018c04a6d1018b214fb4a727ca3182768301f2 |
|
15-Jun-2016 |
Shawn Willden <swillden@google.com> |
Unbreak Javadoc on getAttestationChallenge()
Bug: 28844154
Change-Id: I8402a39f366291cd2b5d646536cd2c2bab8556d2
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 682c24e22811d4ee17ae1cd61bf255c3f7e722b7 |
|
12-Apr-2016 |
Trevor Johns <trevorjohns@google.com> |
Resolve merge conflicts of a5060ee to nyc-dev
This undoes the automerger skip which occured in
commit e740c84dc32180214a7fd157105d6c18d30408ee and
replays it as a standard (NOT -s ours) merge.
Change-Id: If5a47be26f73d6a0735c425cd66310a3e2a89086
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| c38eae5229a820966008ae1885af90cd27c265e7 |
|
23-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Add option to allow key validity after fingerprint enrollment.""
This reverts commit 512c132f49fc6e8e4fc119f4cf167d33b2393509.
Change-Id: Iac381dfebcfe42f0468569eb2395ebeb97a95887
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 512c132f49fc6e8e4fc119f4cf167d33b2393509 |
|
22-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Add option to allow key validity after fingerprint enrollment."
This reverts commit ada0fc1b05902b11401094b15480377d1b6c5a35.
Change-Id: I934b6e6af49ab680af726c544f0193dfcb80054e
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| ada0fc1b05902b11401094b15480377d1b6c5a35 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add option to allow key validity after fingerprint enrollment.
Bug: 21563854
Change-Id: I4f601e59fbfcd601e6a80ddcbc7b83ced6cc18c8
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| adef49640d6339e6b4a6ad736c5815e35d9b8803 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add support for extending key validity while on body.
Bug: 21563854
Change-Id: I3b622d2af77ec4ac3ba42407fc391112c153ef0f
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 8d8c7477746c357d54f586fc92e8d422a4fc6441 |
|
02-Feb-2016 |
Shawn Willden <swillden@google.com> |
Add attestation API to Android KeyStore.
Bug: 22914603
Change-Id: I7c6162dc7a390aa48a2542494780959b01c23bd4
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 3876b1be27e3aefde9a72eb2e4f856e94fc5f946 |
|
09-Sep-2015 |
Alex Klyubin <klyubin@google.com> |
Support cross-UID access from AndroidKeyStore.
This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.
To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).
To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.
This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.
Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 72245d7909763dd1ed4cf4082aa1042e0ea61f4d |
|
11-Aug-2015 |
Alex Klyubin <klyubin@google.com> |
Add more examples of generating/importing keys to Javadocs.
Based on developer feedback, this updates Android Keystore Javadocs
with more examples of generating and importing keys of various
algorithms. This also clarifies that key use authorizations apply to
secret and private key and do no apply to public keys.
Bug: 23102874
Change-Id: If0dc20fda4836fd23b9cd9c92490a04e71b19fc0
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| e4928a2912297751108c7045ce3343ec63edcc01 |
|
21-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster digest/padding NONE no longer means ANY.
This adjusts the public API documentation to no longer say that
digest/padding NONE means any digest/padding. This also changes the
implementation of legacy key generation and import to explicitly
list which digests/paddings the generated/imported key is authorized
for. Previously, such keys were simply authorized for digest NONE and
padding NONE.
Bug: 22556114
Change-Id: Id02d9450a07de16ccb795b76b6de0006dd49dcca
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| c58153b2d7418f44f2b0e397478be808e91decef |
|
08-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
HMAC keys are authorized for exactly one digest.
This is in preparation for enforcing the minimum length of MACs
which in the case of HMAC keys generated or imported by Android
Keystore will be set to the length of the digest for which the
key is authorized.
Bug: 22337277
Change-Id: I0255d5ba184dabfb6b45d8f32ddadeb84ab7fc19
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 856aebe571e2efe332c1258b3131bfbae6f4b396 |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Don't fail if self-signed certificate can't be signed.
This makes Android Keystore's KeyPairGenerator fall back to generating
a self-signed certificate with an invalid/fake signature when the
attempt to generate a self-signed certificate with a valid signature
fails.
There is a growing number of reasons/authorizations due to which the
generated private key cannot be used to sign the self-signed
certificate. It's safer for KeyPairGenerator to succeed than to fail.
Bug: 22033161
Change-Id: I1ecbd421346166bfd536b5cfbaea169b11f0b1c8
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 3867709fb3840fa26072fef66ba7121a0e41871f |
|
22-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Document that RSA OAEP requires digest authorization.
RSA encryption/decryption keys used with RSA OAEP padding scheme now
require the key to be authorized for the digest used by OAEP.
Bug: 21998286
Change-Id: I1f5eb1b30a1b574c45ffcabed6096de8671882d3
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 97f4d3b40754e4496caeb29ee54c330d8bc9f2d7 |
|
17-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Prefer GCM to CBC or CTR in documentation." into mnc-dev
|
| a5e21f0ee2fbf3a6f03e31fca8da459e1fe9e213 |
|
17-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Prefer GCM to CBC or CTR in documentation.
Bug: 21786749
Change-Id: If3824d1321ef1d8730d4384717b0c25d43518fe4
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 83cc7a347f4775821ebeed04a2244b8b847be516 |
|
16-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Improve documentation for keys requiring user auth.
Bug: 18088752
Change-Id: I24eeb33790a74d8d81d10fcdb1eb058d47144c44
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| cb3bb3f03ac253052cd42a32a54e63c2ee9b9a95 |
|
16-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Harden and clean up KeyProtection.
This ensures that instances of this class are immutable and cleans up
some flawed logic discovered when writing up CTS tests.
Bug: 18088752
Change-Id: If9cc33192ada5a8982a2b200ab24cb18331cf958
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 1b937eebdd38a7bea9b86831370a78bcded4d63c |
|
16-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Harden and clean up KeyGenParameterSpec.
This ensures that instances of this class are immutable and cleans up
some flawed logic discovered when writing up CTS tests.
Bug: 18088752
Change-Id: I7a27dbfc3445599bccabbd26e39535ce988a2ab2
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| acb7efd0d6dbde2506bb333e400a281f422df3fc |
|
12-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Document when self-signed certs have invalid signature.
This updates the Javadocs of Android Keystore to explain what key
authorizations are needed for the self-signed cert create at key
generation time to have a valid signature.
Bug: 18088752
Bug: 21777596
Change-Id: Id02425133f094a0c5a02e96f4c63aab7175cba5b
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| dcf3d35f23ba46f17251d4181eee4675691f3380 |
|
11-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Update Javadocs to reflect meaning of digest and padding NONE.
This also adds information about what digests and paddings may need to
be specified for keys used in TLS/SSL for client or server
authentication.
Bug: 21777596
Change-Id: Icd495458c38c4f912b21a64ca7aab2c88d76461c
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| bce7efcabfd8494d86e6eedba4e64da2b617a7ca |
|
11-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Update Javadocs: all new features supported for asymmetric crypto.
Bug: 20912868
Change-Id: I633d3caa3f40dd0b038b2f7e75825614bed2c0f5
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 3ceb1a04b44539c2b2c3afec6df487fe128911f2 |
|
06-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Switch Android Keystore key gen and import to new KeyStore API.
This makes Android Keystore's asymmetric key generation and import
use the new KeyStore API (similar to keymaster 1.0 API).
Because the resulting private keys will be used through
Conscrypt/keystore-engine which uses the old Keystore API, this CL
implements a temporary workaround where all generated and imported
keys are authorized for padding NONE and digest NONE, in addition to
padding schemes and digests requested by the user of the Android
Keystore API. This workaround is needed because keystore-engine uses
digest NONE and padding NONE for all its crypto operations.
Bug: 18088752
Bug: 20912868
Change-Id: Idc709039d091294265bd000160b5507f13825849
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| fe0609dc9c32b1de457f19bb3cf2b87584c4634d |
|
27-May-2015 |
Alex Klyubin <klyubin@google.com> |
Fix typo in Javadocs of KeyGenParameterSpec.
Bug: 18088752
Change-Id: I76daca80a8066ab55a0104ae113fd2c3a7993af3
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 96481c3ddc6c58cfcad2a5cb9325ee2b24b0c540 |
|
15-May-2015 |
Alex Klyubin <klyubin@google.com> |
Remove "encrypt at rest" flag from new AndroidKeyStore API.
This flag causes issues such as being unable to generate, import, or
use keys when the user/profile secure lock screen credential hasn't
yet been entered after boot.
Bug: 18088752
Change-Id: I992f6dfdc945bcb83e341356a40dfa7d7bc143d8
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| dcdaf87ed0aa99073638bcfe645949f130f0c7ad |
|
14-May-2015 |
Alex Klyubin <klyubin@google.com> |
Move Android Keystore impl to android.security.keystore.
This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.
Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
| 3f8d4d840894468f2be8a5b56ff266cef2d71c50 |
|
13-May-2015 |
Alex Klyubin <klyubin@google.com> |
New AndroidKeyStore API in android.security.keystore.
This CL addresses the comments from API Council about Android KeyStore
KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
1. These abstractions should not take or hold references to Context.
2. The Builders of these abstractions should take all mandatory
parameters in their constructors rather than expose them as
setters -- only optional paratemers should be exposed via setters.
These comments cannot be addressed without deprecation in the already
launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of
deprecating just the getContext methods and Builder constructors, this
CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and
KeyStoreParameter as a whole and exposing all of the AndroidKeyStore
API in the new package android.security.keystore. This enables this CL
to correct all of the accrued design issues with KeyPairGeneratorSpec
(e.g., naming of certificate-related methods) and KeyStoreParameter.
This also makes the transition to API Level M more clear for existing
users of the AndroidKeyStore API. These users will only have to deal
with the new always-mandatory parameters (e.g., purposes) and
sometimes-mandatory (e.g., digests, block modes, paddings) if they
switch to the new API. Prior to this CL they would've had to deal with
this if they invoked any of the new methods of KeyPairGeneratorSpec
or KeyStoreParameter introduced in API Level M.
This CL rips out all the new API introduced into KeyPairGeneratorSpec
and KeyStoreParameter classes for Android M, thus reverting these
classes to the API launched in L MR1. This is because the new API is
now in android.security.keystore.KeyGenParameterSpec and KeyProtection
respectively.
Bug: 21039983
Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|