| ae6cb7aad56bb006769cd8a69b92af7236644fc1 |
|
23-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Keymaster INT, LONG and DATE tag values are unsigned.
This CL ensures that Android Keystore framework code complies with
signedness of keymaster tags. In particular:
* INT tags are unsigned 32-bit numbers, and
* LONG and DATE tags are unsigned 64-bit numbers.
The ensure compliance, KeymasterArguments and KeyCharacteristics
classes through which Android Keystore interacts with Keymaster tags
have been modified as follows:
* ENUM and INT tags which used to be conflated are now added/queried
via separate methods, because ENUM can remain represented as an int
data type whereas INT is now represented as a long data type with
permitted range being [0; 2^32).
* Methods for adding/quering LONG tags have been switched from the long
data type to the BigInteger data type and now ensure that the value
is in the permitted [0; 2^63).
* Methods for adding/querying DATE tags now ensure the Date value is
in the permitted range [0; 2^63) ms since Unix epoch.
* Methods for adding tags throw an IllegalArgumentException if the tag
type is unsuitable for the method. This is to ensure that tags with
invalid values cannot be added through similar methods (e.g., INT tag
added via an ENUM tag addition method invoked with a negative value).
Bug: 22008538
Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 4a0ff7ca984d29bd34b02e54441957cad65e8b53 |
|
09-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Android Keystore keys are no longer backed by Conscrypt.
This switches Android Keystore asymmetric keys from being backed by
Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE
which talks to keystore via the old KeyStore API) to being backed by
the AndroidKeyStore Provider which talks to keystore via the new
KeyStore API. In effect, this switches asymmetric crypto offered by
Android Keystore from old Keystore API to new KeyStore API, enabling
all the new features such as enforcement of authorizations on key use.
Some algorithms offered by Android Keystore, such as RSA with OAEP
or PSS padding schemes, are not supported by other providers. This
complicates matters because Android Keystore only supports public key
operations if the corresponding private key is in the keystore. Thus,
Android Keystore can only offer these operations for its own public
keys only. This requires AndroidKeyStore to use its own subclasses of
PublicKey everywhere. The ugliest place is where it needs to return
its own subclass of X509Certificate only to be able to return its
own subclass of PublicKey from Certificate.getPublicKey().
Bug: 18088752
Bug: 19284418
Bug: 20912868
Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 4350babc028822e8905190d88a9f5b8c6ffce8ec |
|
08-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Remove deprecated android.security.KeyStore methods.
* delKey -> delete
* getPubkey -> exportKey
* saw -> list.
Bug: 18088752
Change-Id: Ifb794f91a42646d67da1340ee16765cbaf255a49
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 5c56f74527d4d5c8c92c95e7e47319d2324bdb4d |
|
03-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAG" into mnc-dev
|
| 0fe70813e03891a2fe0efdc16cd289d646205682 |
|
01-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAG
Change-Id: I384f3d2fee2f68279c6518d9ac0a79e29bed0e52
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 966486e134c901ea61195b352fdd81476b3639b4 |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Track changes to the keystore binder API
Output parameters are gone from begin, instead they will returned in the
OperationResult and begin, update, and finish may return output
parameters.
Change-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 7a882b5d8d64daaad9377ac7cb5c606aac8c4072 |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix testAuthNeeded test
begin now returns OP_AUTH_REQUIRED for per operations with per op
authorization instead of NO_ERROR.
(cherry-picked from commit b0addbaaf22b14200db602c41a5bd86847bdc0a9)
Change-Id: I1f472125f46155833e03ab30bf18363ff51b2c58
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 3f8d4d840894468f2be8a5b56ff266cef2d71c50 |
|
13-May-2015 |
Alex Klyubin <klyubin@google.com> |
New AndroidKeyStore API in android.security.keystore.
This CL addresses the comments from API Council about Android KeyStore
KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
1. These abstractions should not take or hold references to Context.
2. The Builders of these abstractions should take all mandatory
parameters in their constructors rather than expose them as
setters -- only optional paratemers should be exposed via setters.
These comments cannot be addressed without deprecation in the already
launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of
deprecating just the getContext methods and Builder constructors, this
CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and
KeyStoreParameter as a whole and exposing all of the AndroidKeyStore
API in the new package android.security.keystore. This enables this CL
to correct all of the accrued design issues with KeyPairGeneratorSpec
(e.g., naming of certificate-related methods) and KeyStoreParameter.
This also makes the transition to API Level M more clear for existing
users of the AndroidKeyStore API. These users will only have to deal
with the new always-mandatory parameters (e.g., purposes) and
sometimes-mandatory (e.g., digests, block modes, paddings) if they
switch to the new API. Prior to this CL they would've had to deal with
this if they invoked any of the new methods of KeyPairGeneratorSpec
or KeyStoreParameter introduced in API Level M.
This CL rips out all the new API introduced into KeyPairGeneratorSpec
and KeyStoreParameter classes for Android M, thus reverting these
classes to the API launched in L MR1. This is because the new API is
now in android.security.keystore.KeyGenParameterSpec and KeyProtection
respectively.
Bug: 21039983
Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 292102459b07188b72575260b693fa962654aa19 |
|
11-May-2015 |
Alex Klyubin <klyubin@google.com> |
Fix KeyStoreTest now that begin requires parameters.
Keystore's begin operation now requires parameters which describe the
operation (e.g., algorithm, block mode, padding). This adjusts
KeyStoreTest to provide the necessary parameters.
(cherry-picked from commit c5e4d7af22793072a2620805f5e0e23bf15e7110)
Bug: 19509156
Change-Id: Ibc665fbc893766a683a4aadc97a64ffdf2d0d85f
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| a91a8504191d91d288c55821caa5bf00c9be26a2 |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore password changing and unlocking
Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 6bf52c4271bd0483174fe3755caedb778693791e |
|
24-Apr-2015 |
Adam Langley <agl@google.com> |
frameworks/base: switch to using NativeConstants.
NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.
Bug: 20521989
Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 386c4e9ea976377d87950427472a593c22b1b205 |
|
10-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Fix testSaw_ungrantedUid_Bluetooth"
|
| 6a5af8cf146aa1fd69449c1138c3e4008ac8b76b |
|
10-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix testSaw_ungrantedUid_Bluetooth
Keystore.saw returns [] on no result, not null, so the test was
incorrectly failing.
Change-Id: I22dcf85c5d6c5c0368848bc784c3215c092d9ea8
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 55f7c2770faade3543bebd833124f2f15c0f7455 |
|
10-Apr-2015 |
Alex Klyubin <klyubin@google.com> |
Track more changes to keymaster_defs.h
KeyStoreTest needed to be adjusted because OCB is no longer supported.
Bug: 18088752
Change-Id: I7594daaa5e97423d34726b07cc79e3ee28418d95
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| ce7ad24b6337135fd7b6ed169bb5c517d044f041 |
|
02-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Mark all test keys as no auth required
Now that auth token checks are in keystore keys without any auth tags
are invalid.
Also adds a test to check that a key with auth required fails when none
is present.
Change-Id: I0d5d44d70a849978e9b2e809675b8343c6650ff2
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| dae79e540844741fc35c648efe8bbb00fc8ab781 |
|
27-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow entropy to be provided to some operations
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 9f47709f8bef8f3d67e7e17e69aee2d73b4ff9ed |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use correct tag type for RSA exponent
Change-Id: I957c4469401953d2298751c655ca8e9f95b9511d
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 5e73c0eec2bc77222a5a87fb2a135d8303836411 |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Make application/client id an object
Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 003a55a6713fd4c1fe63ae5cdb478a11016f46b4 |
|
20-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Specify public exponent for RSA
Keymaster no longer adds a default value, so these tests were failing.
Change-Id: I9c5a8d2552534db1d7fa77965b0d675acc3ccc0a
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 8827c8173281fea21325d88922471851e31200c4 |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add initial Keymaster 1.0 tests
Change-Id: I3b8ef583b71056b92a876fa47556771604dae121
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| dc8bc1160cd97ca113636ca2b4adda21e031b5bd |
|
12-Sep-2014 |
Shawn Willden <swillden@google.com> |
Correct test data size in keystore signing and verification tests.
The test is sending too much data to be signed, which should actually
fail, and does on Volantis. Apparently the other keymaster implementors
do something to pass it, because shamu and hammerhead pass, but the test
is wrong.
Change-Id: Ic616a551567d64f5d87d9607ceb08afa7be74f9d
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| f64386fc26efeb245fd90fabaa47b8c8bf9b4613 |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types
Change-Id: Ic6f029d66210052ce2f75d46102a100ac7db2b49
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| a920f25fe55fc9afc7640902a200f19ce278588b |
|
29-Jun-2013 |
Elliott Hughes <enh@google.com> |
resolved conflicts for merge of fca0f92e to stage-aosp-master
Change-Id: I4791f0ffa324a313b8390fbde6d8f82f716ecf74
|
| d396a448b2e36e29598c954b64bfddef73f3fae0 |
|
29-Jun-2013 |
Elliott Hughes <enh@google.com> |
Switch frameworks/base over from @hidden Charsets to public StandardCharsets.
Bug: 3484927
Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| b2c0ff64d8ff92dab53e969a44fa12427d145952 |
|
13-Apr-2013 |
Kenny Root <kroot@google.com> |
Remove old KeyStore call sites
Remove the call sites that don't have the flags specified. This is to
ensure that callers know what flags they're setting.
Bug: 8122243
Change-Id: Ifbd178fddbf8dbd8f7b821ea739a20d056ef9fa7
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 5f1d965f7d7e1df50981ffed8faa11fbcc17ca22 |
|
21-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: change migrate to duplicate
After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.
Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| bd79419ef84ae31f3765721b50aa413fa462d1d1 |
|
20-Mar-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add "migrate" command
To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.
Bug: 8122243
Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 78ad849163a7b01073b46fbd7d818392720005d1 |
|
14-Feb-2013 |
Kenny Root <kroot@google.com> |
KeyStore: add API to uid versions
In previous commits, we added the ability to specify which UID we want to
target on certain operations. This commit adds the ability to reach those
binder calls from the KeyStore class.
Also fix a problem where saw() was not reading all the values returned via
the Binder call. This changes the semantics to return a null instead of
failing silently when it's not possible to search.
Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 58ed5d748c0b9b64845975ef5844ad313de7c3f6 |
|
07-Nov-2012 |
Kenny Root <kroot@google.com> |
am 768d9e1a: Merge "Correct executable bit for source files"
* commit '768d9e1a72ceee7d4a5f608776b87b62d6ce4a04':
Correct executable bit for source files
|
| 3a084af2e90849aaa8beb3a610189e3399c63ea0 |
|
07-Nov-2012 |
Kenny Root <kroot@google.com> |
Correct executable bit for source files
Many media files and source code files were marked as executable in Git.
Remove those.
Also a shell script and python script were not marked as executable.
Change-Id: Ieb51bafb46c895a21d2e83696f5a901ba752b2c5
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 473c712b19bad992ab4eafcd43175fdce77b913d |
|
18-Aug-2012 |
Kenny Root <kroot@google.com> |
Add getmtime to Android KeyStore API
java.security.KeyStore requires that you be able to get the creation
date for any given entry. We'll approximate that through using the mtime
of the file in the keystore.
Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 96ad6cb080d0721a433d2bcb201f4a4582bf1caf |
|
10-Aug-2012 |
Kenny Root <kroot@google.com> |
Remove useless TestRunner
InstrumentationTestRunner can enumerate the test cases to run without a
special TestRunner.
Change-Id: I5a49413440ef191f28a21034a318d9a9e3f8174b
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 2a5b147ec8fc1235af928042bdfb78170b18067b |
|
31-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Change KeyStore to use Modified UTF-8 to match NativeCrypto
Bug: http://code.google.com/p/android/issues/detail?id=35141
Bug: 6869713
Change-Id: I61cb309786960072148ef97ea5afedb33dc45f4e
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 5ea68db37fd5ad4e0ddc0745b4347e86f17f78db |
|
18-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Improve test key names to reproduce public issue
Also fixes other unrelated test failures.
Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950
(cherry-picked from f4019af04a1fc4b16aa5972cbcbba703caa5d78d)
Change-Id: I5b32b5ccac80f04a4d0fd6b21b8caa11e42995a7
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 5423e68d5dbe048ec6f042cce52a33f94184e9fb |
|
14-Nov-2011 |
Kenny Root <kroot@google.com> |
Add signing to keystore
Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.
Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| bef5e5aabcb6ab440829f4418d1cbc268564eee0 |
|
28-Jun-2011 |
Brian Carlstrom <bdc@google.com> |
Add KeyStoreTest.testGet
Now that system user can read keystore, add KeyStoreTest.testGet and update other tests to use KeyStore.get
Change-Id: I364866d52c2ecf550ff26aadc6e85126318889fa
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 5cfee3fabb3482c6a6df1c8b6f21e843cf214527 |
|
31-May-2011 |
Brian Carlstrom <bdc@google.com> |
Integrating keystore with keyguard (Part 1 of 4)
Summary:
frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification
packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use
packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints
packages/apps/KeyChain
Tracking KeyStore API changes
Details:
frameworks/base
Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.
cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.
core/java/com/android/internal/widget/LockPatternUtils.java
Changed unlock screens to pass values for keystore unlock or initialization
policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required
keystore/java/android/security/KeyStore.java
In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.
keystore/tests/src/android/security/KeyStoreTest.java
packages/apps/Settings
Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.
AndroidManifest.xml
src/com/android/settings/CredentialStorage.java
Remove layout for entering new password
res/layout/credentials_dialog.xml
Remove enable credentials checkbox
res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java
Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.
src/com/android/settings/ChooseLockGeneric.java
Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.
src/com/android/settings/CryptKeeperSettings.java
Tracking KeyStore API changes
src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java
Removing now unused string resources
res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml
packages/apps/CertInstaller
Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java
Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| 34c47c855815d731e6deb55748ff690b0ec7b53f |
|
09-Mar-2010 |
Nick Kralevich <nnk@google.com> |
Don't rely on the system locale for converting to/from bytes.
By default, when java converts Strings to bytes, it uses the
default system locale. This can be specified by the -Dfile.encoding
option. If no file encoding is specified, java uses ISO8859_1.
Unfortunately, not all unicode characters can be mapped to
ISO8859_1. Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.
Thankfully, Android uses UTF-8 by default, so this bug doesn't
effect Android devices. However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.
Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|
| f35e9663d7bdae523953185b4ad6b6f9e8e7d6ca |
|
29-Sep-2009 |
Chung-yih Wang <cywang@google.com> |
Add unit test for the new keystore.
Since we need to test the keystore with user system in order to test
the reset(), password(), lock() and unlock(), we have to take advantage
of the ActivityUnitTestCase to run the test with the user 'system'.
/frameworks/base/keystore/tests/src/android/security/KeyStoreTest.java
|