9739d48a2101e49b0936096d69c29006f9acdeb5 |
|
21-Jul-2016 |
Shawn Willden <swillden@google.com> |
Fix @link tags in keystore doc Bug: 30258412 Change-Id: I370a53ebad29ff0471e4b7776cd76b2530efe760
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
26e8d553e52055955db83061c5799ba4439ebe1b |
|
15-Jun-2016 |
Shawn Willden <swillden@google.com> |
Update semantics of on-body Keystore API. Architectural changes from the Wear team have required changes to the semantics of the Keystore on-body feature. Although no devices will actually implement this feature until the release of new Wear devices with the necessary sensors, we need to get the API documentation right now. Bug: 29369151 Change-Id: I857e00928f994a1337313123eae7e00534c53c3c
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
5e018c04a6d1018b214fb4a727ca3182768301f2 |
|
15-Jun-2016 |
Shawn Willden <swillden@google.com> |
Unbreak Javadoc on getAttestationChallenge() Bug: 28844154 Change-Id: I8402a39f366291cd2b5d646536cd2c2bab8556d2
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
682c24e22811d4ee17ae1cd61bf255c3f7e722b7 |
|
12-Apr-2016 |
Trevor Johns <trevorjohns@google.com> |
Resolve merge conflicts of a5060ee to nyc-dev This undoes the automerger skip which occured in commit e740c84dc32180214a7fd157105d6c18d30408ee and replays it as a standard (NOT -s ours) merge. Change-Id: If5a47be26f73d6a0735c425cd66310a3e2a89086
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
c38eae5229a820966008ae1885af90cd27c265e7 |
|
23-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Add option to allow key validity after fingerprint enrollment."" This reverts commit 512c132f49fc6e8e4fc119f4cf167d33b2393509. Change-Id: Iac381dfebcfe42f0468569eb2395ebeb97a95887
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
512c132f49fc6e8e4fc119f4cf167d33b2393509 |
|
22-Feb-2016 |
Shawn Willden <swillden@google.com> |
Revert "Add option to allow key validity after fingerprint enrollment." This reverts commit ada0fc1b05902b11401094b15480377d1b6c5a35. Change-Id: I934b6e6af49ab680af726c544f0193dfcb80054e
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
ada0fc1b05902b11401094b15480377d1b6c5a35 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add option to allow key validity after fingerprint enrollment. Bug: 21563854 Change-Id: I4f601e59fbfcd601e6a80ddcbc7b83ced6cc18c8
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
adef49640d6339e6b4a6ad736c5815e35d9b8803 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add support for extending key validity while on body. Bug: 21563854 Change-Id: I3b622d2af77ec4ac3ba42407fc391112c153ef0f
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
8d8c7477746c357d54f586fc92e8d422a4fc6441 |
|
02-Feb-2016 |
Shawn Willden <swillden@google.com> |
Add attestation API to Android KeyStore. Bug: 22914603 Change-Id: I7c6162dc7a390aa48a2542494780959b01c23bd4
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
3876b1be27e3aefde9a72eb2e4f856e94fc5f946 |
|
09-Sep-2015 |
Alex Klyubin <klyubin@google.com> |
Support cross-UID access from AndroidKeyStore. This is meant for exposing the pre-existing cross-UID access to keys backed by the keystore service via higher-level JCA API. For example, this lets system_server use Wi-Fi or VPN UID keys via JCA API. To obtain a JCA AndroidKeyStore KeyStore for another UID, use the hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid). To generate a key owned by another UID, invoke setUid(uid) on KeyGenParameterSpec.Builder. This CL does not change the security policy, such as which UID can access/modify which UIDs' keys. The policy is that only certain system UIDs are permitted to access keys of certain other system UIDs. Bug: 23978113 Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
72245d7909763dd1ed4cf4082aa1042e0ea61f4d |
|
11-Aug-2015 |
Alex Klyubin <klyubin@google.com> |
Add more examples of generating/importing keys to Javadocs. Based on developer feedback, this updates Android Keystore Javadocs with more examples of generating and importing keys of various algorithms. This also clarifies that key use authorizations apply to secret and private key and do no apply to public keys. Bug: 23102874 Change-Id: If0dc20fda4836fd23b9cd9c92490a04e71b19fc0
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
e4928a2912297751108c7045ce3343ec63edcc01 |
|
21-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster digest/padding NONE no longer means ANY. This adjusts the public API documentation to no longer say that digest/padding NONE means any digest/padding. This also changes the implementation of legacy key generation and import to explicitly list which digests/paddings the generated/imported key is authorized for. Previously, such keys were simply authorized for digest NONE and padding NONE. Bug: 22556114 Change-Id: Id02d9450a07de16ccb795b76b6de0006dd49dcca
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
c58153b2d7418f44f2b0e397478be808e91decef |
|
08-Jul-2015 |
Alex Klyubin <klyubin@google.com> |
HMAC keys are authorized for exactly one digest. This is in preparation for enforcing the minimum length of MACs which in the case of HMAC keys generated or imported by Android Keystore will be set to the length of the digest for which the key is authorized. Bug: 22337277 Change-Id: I0255d5ba184dabfb6b45d8f32ddadeb84ab7fc19
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
856aebe571e2efe332c1258b3131bfbae6f4b396 |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Don't fail if self-signed certificate can't be signed. This makes Android Keystore's KeyPairGenerator fall back to generating a self-signed certificate with an invalid/fake signature when the attempt to generate a self-signed certificate with a valid signature fails. There is a growing number of reasons/authorizations due to which the generated private key cannot be used to sign the self-signed certificate. It's safer for KeyPairGenerator to succeed than to fail. Bug: 22033161 Change-Id: I1ecbd421346166bfd536b5cfbaea169b11f0b1c8
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
3867709fb3840fa26072fef66ba7121a0e41871f |
|
22-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Document that RSA OAEP requires digest authorization. RSA encryption/decryption keys used with RSA OAEP padding scheme now require the key to be authorized for the digest used by OAEP. Bug: 21998286 Change-Id: I1f5eb1b30a1b574c45ffcabed6096de8671882d3
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
97f4d3b40754e4496caeb29ee54c330d8bc9f2d7 |
|
17-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Prefer GCM to CBC or CTR in documentation." into mnc-dev
|
a5e21f0ee2fbf3a6f03e31fca8da459e1fe9e213 |
|
17-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Prefer GCM to CBC or CTR in documentation. Bug: 21786749 Change-Id: If3824d1321ef1d8730d4384717b0c25d43518fe4
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
83cc7a347f4775821ebeed04a2244b8b847be516 |
|
16-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Improve documentation for keys requiring user auth. Bug: 18088752 Change-Id: I24eeb33790a74d8d81d10fcdb1eb058d47144c44
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
cb3bb3f03ac253052cd42a32a54e63c2ee9b9a95 |
|
16-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Harden and clean up KeyProtection. This ensures that instances of this class are immutable and cleans up some flawed logic discovered when writing up CTS tests. Bug: 18088752 Change-Id: If9cc33192ada5a8982a2b200ab24cb18331cf958
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
1b937eebdd38a7bea9b86831370a78bcded4d63c |
|
16-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Harden and clean up KeyGenParameterSpec. This ensures that instances of this class are immutable and cleans up some flawed logic discovered when writing up CTS tests. Bug: 18088752 Change-Id: I7a27dbfc3445599bccabbd26e39535ce988a2ab2
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
acb7efd0d6dbde2506bb333e400a281f422df3fc |
|
12-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Document when self-signed certs have invalid signature. This updates the Javadocs of Android Keystore to explain what key authorizations are needed for the self-signed cert create at key generation time to have a valid signature. Bug: 18088752 Bug: 21777596 Change-Id: Id02425133f094a0c5a02e96f4c63aab7175cba5b
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
dcf3d35f23ba46f17251d4181eee4675691f3380 |
|
11-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Update Javadocs to reflect meaning of digest and padding NONE. This also adds information about what digests and paddings may need to be specified for keys used in TLS/SSL for client or server authentication. Bug: 21777596 Change-Id: Icd495458c38c4f912b21a64ca7aab2c88d76461c
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
bce7efcabfd8494d86e6eedba4e64da2b617a7ca |
|
11-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Update Javadocs: all new features supported for asymmetric crypto. Bug: 20912868 Change-Id: I633d3caa3f40dd0b038b2f7e75825614bed2c0f5
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
3ceb1a04b44539c2b2c3afec6df487fe128911f2 |
|
06-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Switch Android Keystore key gen and import to new KeyStore API. This makes Android Keystore's asymmetric key generation and import use the new KeyStore API (similar to keymaster 1.0 API). Because the resulting private keys will be used through Conscrypt/keystore-engine which uses the old Keystore API, this CL implements a temporary workaround where all generated and imported keys are authorized for padding NONE and digest NONE, in addition to padding schemes and digests requested by the user of the Android Keystore API. This workaround is needed because keystore-engine uses digest NONE and padding NONE for all its crypto operations. Bug: 18088752 Bug: 20912868 Change-Id: Idc709039d091294265bd000160b5507f13825849
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
fe0609dc9c32b1de457f19bb3cf2b87584c4634d |
|
27-May-2015 |
Alex Klyubin <klyubin@google.com> |
Fix typo in Javadocs of KeyGenParameterSpec. Bug: 18088752 Change-Id: I76daca80a8066ab55a0104ae113fd2c3a7993af3
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
96481c3ddc6c58cfcad2a5cb9325ee2b24b0c540 |
|
15-May-2015 |
Alex Klyubin <klyubin@google.com> |
Remove "encrypt at rest" flag from new AndroidKeyStore API. This flag causes issues such as being unable to generate, import, or use keys when the user/profile secure lock screen credential hasn't yet been entered after boot. Bug: 18088752 Change-Id: I992f6dfdc945bcb83e341356a40dfa7d7bc143d8
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
dcdaf87ed0aa99073638bcfe645949f130f0c7ad |
|
14-May-2015 |
Alex Klyubin <klyubin@google.com> |
Move Android Keystore impl to android.security.keystore. This moves the non-public API classes backing Android Keystore from android.security to android.security.keystore, a package specially created for Android Keystore. Bug: 18088752 Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|
3f8d4d840894468f2be8a5b56ff266cef2d71c50 |
|
13-May-2015 |
Alex Klyubin <klyubin@google.com> |
New AndroidKeyStore API in android.security.keystore. This CL addresses the comments from API Council about Android KeyStore KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter: 1. These abstractions should not take or hold references to Context. 2. The Builders of these abstractions should take all mandatory parameters in their constructors rather than expose them as setters -- only optional paratemers should be exposed via setters. These comments cannot be addressed without deprecation in the already launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of deprecating just the getContext methods and Builder constructors, this CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and KeyStoreParameter as a whole and exposing all of the AndroidKeyStore API in the new package android.security.keystore. This enables this CL to correct all of the accrued design issues with KeyPairGeneratorSpec (e.g., naming of certificate-related methods) and KeyStoreParameter. This also makes the transition to API Level M more clear for existing users of the AndroidKeyStore API. These users will only have to deal with the new always-mandatory parameters (e.g., purposes) and sometimes-mandatory (e.g., digests, block modes, paddings) if they switch to the new API. Prior to this CL they would've had to deal with this if they invoked any of the new methods of KeyPairGeneratorSpec or KeyStoreParameter introduced in API Level M. This CL rips out all the new API introduced into KeyPairGeneratorSpec and KeyStoreParameter classes for Android M, thus reverting these classes to the API launched in L MR1. This is because the new API is now in android.security.keystore.KeyGenParameterSpec and KeyProtection respectively. Bug: 21039983 Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
/frameworks/base/keystore/java/android/security/keystore/KeyGenParameterSpec.java
|