af7783f735a56bebc5241bfe1a89db5944e3e06c |
|
21-Sep-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix multiple issues with the keystore grant mechanism 1. Ungrant did not check the caller's uid which allowed any caller to remove grants to any key. 2. Grants were not removed when a key was deleted. 3. clean_uid did not clear the grant cache of the target uid. This would leave state grants that could have been used by a new app that happened to get the same uid as the one that was previously uninstalled. 4. Various paths did not respect grants: del, exist, getmtime. The del path was particularly awkward because it is required by upgradeKeyBlob. This means it must work when a key that needs upgrading is accessed through a grant alias. Bug: 65851049 Merged-In: I6709b7562d47ad6156bee88a9e2d961f8a4a797d Change-Id: I6709b7562d47ad6156bee88a9e2d961f8a4a797d
/system/security/keystore/keystore.cpp
|
3f30364811676678084e7a459fa0f684f95d1221 |
|
21-Sep-2017 |
Janis Danisevskis <jdanis@google.com> |
Fixed two bugs that broke the keystore granting mechanism Bug: 65851049 Merged-In: Ibea71d42934d283c95729eca6772a9aadb949a6a Change-Id: Ibea71d42934d283c95729eca6772a9aadb949a6a
/system/security/keystore/keystore.cpp
|
00f94598c73b9b30a6855862b514dc53789b564c |
|
21-Sep-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix misnomer and resulting bug in keystore.cpp On the upgrade path from keystore blobs version 0, the userId was interpreted as uid which resulted in it being converted to a userId a second time. This would result in keys belonging to other users being assigned to the main user. This patch fixes the bug and the misnomer that led to the confusion. Bug: 65851049 Merged-In: I91975310b6140929dcb6820aa8bd4c28b8e5de5e Change-Id: I91975310b6140929dcb6820aa8bd4c28b8e5de5e
/system/security/keystore/keystore.cpp
|
687d8925ffb82902ea678a86aed875451b920b5d |
|
12-Sep-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix retrieving characteristics file for grant key" into oc-mr1-dev
|
d3024ed1a4ba1f46737ffb14499c31ca667e631b |
|
01-Sep-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix retrieving characteristics file for grant key getKeyForName was broken in case the name was a grant name and the type was TYPE_KEY_CHARACTERISTICS. In this case the key blob instead of the key characteristics blob was retrieved. Bug: 65200397 Bug: 37264540 Bug: 62237038 Test: run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement because it grants a key Change-Id: I0746d60555b51d47ea19ab05b9da29164c8b71db (cherry picked from commit 6905c336b29561abf7841cfa1bde5eeab62915e7)
/system/security/keystore/keystore.cpp
|
d714a676de8bf2bf87ea9b7efc04bc5a743eef45 |
|
01-Sep-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix use of auth-bound keys after screen lock removal When auth-bound keys are used after the screen lock has been removed it is expected that getKeyCharacteristics still succeeds. However, when the super encrypt feature was introduced the key blob is no longer accessible, and thus retrieving the key characteristics fails. This patch retrieves the key characteristics from the characteristics cache file, which is not super encrypted. Using such a key still fails but in ways expected by the framework. Bug: 65200397 Test: CtsVerifier ScreenLockBoundKeysTest: 1. Run test 2. with CtsVerifier in the background remove the screen lock through the settings dialog 3. Select VtsVerifier in 'recents' 4. Run test again Change-Id: Ifa88c58a41c376e4f800a76114d4cf9149506ac0 (cherry picked from commit 36316d673ef836a0a34a62ab4ccce67d22c8a0d2)
/system/security/keystore/keystore.cpp
|
6d449e8f4317b064c7868957b8ecc4472237d19e |
|
08-Jun-2017 |
Janis Danisevskis <jdanis@google.com> |
Refurbish granting mechanism Keystore stores key blobs with filenames that include the symbolic name and the uid of the owner. This behaviour should have been completely opaque to the user keystore. However, the granting mechanism, by which an app can allow another app to use one of its keys, leaked the internal structure in that the grantee had to specify the key name with the granter's uid prefix in order to use the granted key. This in turn collided with prefix handling in other parts of the framework. This patch refurbishes the granting mechanism such that keystore can choose a name for the grant. It uses the original symbolic key name as prefix and appends _KEYSTOREGRANT_<grant_no> where the grant_no is chosen as first free slot starting from 0. Each uid has its own grant_no space. This changes the grant call such that it now returns a string, which is the alias name of the newly created grant. The string is empty if the grant operation failed. As before apps can still mask granted keys by importing a key with the exact same name including the added suffix. But everybody deserves the right to shoot themselves in the foot if they really want to. Bug: 37264540 Bug: 62237038 Test: run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement because it grants a key Change-Id: I723c44c7ae6782c8de42063744717d088cd49ba1
/system/security/keystore/keystore.cpp
|
e9830589dde19b080fbbfad5fdb1ae6e2955df68 |
|
18-Apr-2017 |
Shawn Willden <swillden@google.com> |
Use AES-GCM to encrypt keystore blobs. Keystore currently uses AES-CBC to encrypt keystore blobs, plus an MD5 digest for authentication. This scheme is mildly broken (b/26804580), but has not been replaced because keystore encryption was slated for removal. In order to support cryptographic binding of keys to user authentication on devices with trusted secure computing modules, keystore encryption has temporarily become relevant again, until a better solution can be constructed. Thus there's a motivation to replace the broken scheme with a proper authenticated encryption mode. Along the way, this CL also fixes a low-priority security vulnerability, b/31824325. Bug: 26804580 Bug: 31824325 Bug: 35849499 Test: Manually tested the new scheme and upgrading from the old scheme Change-Id: I139f2a7b7a3c01eade4e2d2a674d49d027179d43
/system/security/keystore/keystore.cpp
|
ccfff10f66d568b91ed155a798c5eaac2551f160 |
|
01-May-2017 |
Janis Danisevskis <jdanis@google.com> |
Remove use of UniquePtr from keystore Remove UniquePtr from keystore in favour of std::unique_ptr Change-Id: I8e02adab4326028e26dbf59ac836679abe2a40de
/system/security/keystore/keystore.cpp
|
07aebe73053df12c21c7481a93146bd76add7fbd |
|
28-Feb-2017 |
Shawn Willden <swillden@google.com> |
Superencrypt authentication-bound keys. This CL causes keystore to automatically encrypt all newly-created keymaster key blobs which are authentication-bound. This appears on its face to be pointless, since the sensitive key material in the key blobs is already encrypted by the Trusted Execution Environment. It's not pointless because this adds a cryptographic dependency on the user's password, including any strengthening performed by LockSettingService... which may include the use of a separate hardware trusted module, separate from (and presumably more secure than) the TEE. A better solution is planned for the next release, but that requires changes to Gatekeeper and Keymaster. This superencryption will be removed when that work is done. Note that the encryption method used by keystore is weak. A separate CL will replace the weak method with a proper authenticated encryption. Test: Manual testing. Bug: 35849499 Change-Id: I0162d352837a1e936e7f08cab2afc5c0f8e0f129
/system/security/keystore/keystore.cpp
|
b8550a0929286bd8b91135c2beea1f61c01a441f |
|
23-Feb-2017 |
Shawn Willden <swillden@google.com> |
Add digest support and implementation name to getHardwareFeatures Test: Manual Change-Id: Iee20528e8d4f3931164aa988e11bfe71be4f56dc
/system/security/keystore/keystore.cpp
|
e2b6caff1a8265d7c84e4532330c4968d49d9296 |
|
03-Mar-2017 |
Janis Danisevskis <jdanis@google.com> |
Fixes KeyStore::isHardwareBacked KeyStore::isHardwareBacked was broken by the hidlization of the Keymaster HAL. This patch implements the functionality by querying the Keymaster HAL for hardware features. Bug: 35866007 Change-Id: I237e29a8b1c1b93a88b9fa8a969c3c832af384ff
/system/security/keystore/keystore.cpp
|
e8ba1802a649ada4cea78af133ab4fb549eb57f5 |
|
30-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Phase out keymaster fallback support Keystore uses two different keymaster devices. One device is provided by the OEM providing hardware/trust zone backed functionality. The other is a pure software implementation of keymaster. The latter was used when a "hardware" implementation failed generating or importing keys with certain parameters. This tolerance of misbehaving "hardware" implementations had the effect that this behavior has gone unnoticed for too long. Therefore, we are phasing out the fallback device. This patch ensures that on devices with hardware implementations supporting keymaster 2.0 and higher there will be no fallback device papering over failures in the underlying keymaster implementation. Test: given a faulty KM2.0 implementation, import and generation of keys with otherwise supported parameters returns an error Change-Id: I8c2118e72558c326031368df13e836c3ef6b1da1
/system/security/keystore/keystore.cpp
|
69c434aee7a02f66e9a7bcf8ce014f8c48066eb6 |
|
30-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix keystore::del to use correct keymaster device. Keystore uses two different keymaster devices. One device is provided by the OEM providing hardware/trust zone backed functionality. The other is a pure software implementation of keymaster. The latter was used when a "hardware" implementation failed generating or importing keys with certain parameters. During the port to HIDL based HALs this fallback software device was removed and later reinstated. The delete function of keystore, however, was left unaware of the existence of the fallback device and passed to-be-deleted "fallback"-keys to the hardware device which is unaware of the format and fails. This patch makes Keystore::del aware of the fallback device. Test: import and delete a key that is unsupported by the underlying "hardware" implementation of keymaster Change-Id: I011c19c515b4b41fedec0c21f89efb58279f297c
/system/security/keystore/keystore.cpp
|
c7a9fa29c185a8c1889486d4acf00fd59c513870 |
|
13-Oct-2016 |
Janis Danisevskis <jdanis@google.com> |
Port to binderized keymaster HAL This patch ports keystore to the HIDL based binderized keymaster HAL. Keystore has no more dependencies on legacy keymaster headers, and therefore data structures, constant declarations, or enums. All keymaster related data structures and enums used by keystore are the ones defined by the HIDL based keymaster HAL definition. In the process of porting, keystore underwent some changes:
* Keystore got a new implementation of AuthorizationSet that is fully based on the new HIDL data structures. Key parameters are now either organised as AuthorizationSets or hidl_vec<KeyParameter>. (Formerly, this was a mixture of keymaster's AuthorizationSet, std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.) The former is used for memory management and provides algorithms for assembling, joining, and subtracting sets of parameters. The latter is used as wire format for the HAL IPC; it can wrap the memory owned by an AuthorizationSet for this purpose. The AuthorizationSet is accompanied by a new implementation of type safe functions for creating and accessing tagged key parameters, Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service response codes. Keystore has two sets of error codes. ErrorCode errors are less than 0 and use 0 as success value. ResponseCode errors are greater than zero and use 1 as success value. This patch changes ResponseCode to be an enum class so that it is no longer assignable to int without a cast. The new return type can only be initialized by ResponseCode or ErrorCode and when accessed as int32_t, which happens on serialization when the response is sent to a client, the success values are coalesced onto 1 as expected by the clients. KSSReturnCode is also comparable to ResponseCode and ErrorCode, and the predicate isOk() returns true if it was initialized with either ErrorCode::OK (0) or ResponseCode::NO_ERROR (1).
* A bug was fixed, that caused the keystore verify function to return success, regardless of the input, internal errors, or lack of permissions.
* The marshalling code in IKeystoreService.cpp was rewritten. For data structures that are known to keymaster, the client facing side of keystore uses HIDL based data structures as (target) source for (un)marshaling to avoid further conversion. hidl_vecs are used to wrap parcel memory without copying and taking ownership where possible.
* Explicit use of malloc is reduced (malloc was required by the C nature of the old HAL). The new implementations avoid explicit use of malloc/new and waive the use of pointers for return values. Instead, functions return by value objects that take ownership of secondary memory allocations where required.
Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts Bug: 32020919 Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
/system/security/keystore/keystore.cpp
|
9c28dd5f2797510c3da719144247e867c58c6e18 |
|
06-Oct-2016 |
Tucker Sylvestro <tuckeris@google.com> |
resolve merge conflicts of 0ab28b7 to nyc-mr1-dev-plus-aosp Test: Built with ". build/envsetup.sh && lunch shamu-eng && make -j32" Change-Id: I4b3081c2b9091fa2d66c717f5d57dc6e567c50e2
|
0ab28b78bd06a06a0ffa150cef5876d56212902a |
|
06-Aug-2016 |
Tucker Sylvestro <tuckeris@google.com> |
Support and use TAG_ALLOW_WHILE_ON_BODY There are three changes in this CL: 1. Persist all characteristics provided at the time of key creation. We do this to avoid device-specific keymaster implementations stripping keys they are not aware of. 2. Add an onDeviceOffBody API method that will be called whenever a wearable device is detected to have been removed. 3. Check whether a key was created with TAG_ALLOW_WHILE_ON_BODY and the device has gone off-body since the last auth event when deciding whether it can be used. BUG: 30701680 BUG: 28911985 Change-Id: I6be3af3dee8e576fe713dfdd726502d8b333f224
/system/security/keystore/keystore.cpp
|
451f205ba2744effd53fd3555cdc4080c14d7d9b |
|
23-Aug-2016 |
Bin Chen <pierr.chen@gmail.com> |
Merge "keystore: replace VLA with vector" am: 9c6612e264 Change-Id: Ic137fde859285c3a693b3e4b7642900d2ff34ada
|
cfd95aeb641d9adbfc8e8466dda952a5f7a3fe3f |
|
21-Aug-2016 |
Bin Chen <pierr.chen@gmail.com> |
keystore: replace VLA with vector According to Google coding style, no VLA since it is not part of c++ standard and could blow up the stack. Change-Id: Ie79b56cd9a02ecebba76d88af727c6accbcfd45c Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/keystore.cpp
|
89c52f16ecea4ebf08d6b3c863e0848438bac23d |
|
28-Jan-2016 |
Shawn Willden <swillden@google.com> |
Merge "Update Keystore to use keymaster2 HAL." am: fd50293cd5 am: f647e0a994 * commit 'f647e0a99492d21825e891c53b9a05fed04dbb9c': Update Keystore to use keymaster2 HAL.
|
c1d1feee514e6138e1ed8ff924f5453ba8e1408a |
|
27-Jan-2016 |
Shawn Willden <swillden@google.com> |
Refactor keystore. This CL isn't nearly as big as it looks. It doesn't change keystore functionality, it just moves all of the classes out of the former keystore.cpp into their own .h and .cpp files. Note that this is a cherry-pick from: https://android-review.googlesource.com/#/c/194971 Change-Id: Ide326c4f1d03984994d1bd9a76fa68d37da230dc
/system/security/keystore/keystore.cpp
|
715d023c9294cf4860f73c8d83e82c5aa699add6 |
|
21-Jan-2016 |
Shawn Willden <swillden@google.com> |
Update Keystore to use keymaster2 HAL. This CL doesn't wire in any of the new keymaster2 features, it just uses the keymaster2 HAL rather than the keymaster1 HAL. This means that if keymaster1 hardware is found, it is unconditionally wrapped in SoftKeymasterDevice, so keymaster2 functionality can (eventually) be provided. Change-Id: Ica2cb0751e4e0a82c56c36b03f94da54ef62d9a3
/system/security/keystore/keystore.cpp
|
6507c27ab7ea34dd150d7ef9fda41878ed32547c |
|
06-Jan-2016 |
Shawn Willden <swillden@google.com> |
Refactor keystore. This CL isn't nearly as big as it looks. It doesn't change keystore functionality, it just moves all of the classes out of the former keystore.cpp into their own .h and .cpp files. Change-Id: I29a1ce21bff574be56128b32fc417e5a3d3c55fb
/system/security/keystore/keystore.cpp
|
80b09638de3571d2c12aa3d6e3d22682fc431b72 |
|
23-Nov-2015 |
Shawn Willden <swillden@google.com> |
Merge "Limit maximum number of concurrent keystore operations." am: 108a5d34b5 * commit '108a5d34b5ce181dff52906a66862ec084841ec4': Limit maximum number of concurrent keystore operations.
|
447095f2a797e7ffeeda13477498d4dda0a7353a |
|
30-Oct-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. Bug: 25312003 Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
/system/security/keystore/keystore.cpp
|
85978d0c5991cebaec1211d4111fbbcb01f27514 |
|
03-Nov-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. am: ddab0bb513 am: 7335397765 am: d7870f1fea * commit 'd7870f1fea0f7d27dd46153558766088414ec640': Limit maximum number of concurrent keystore operations.
|
d7870f1fea0f7d27dd46153558766088414ec640 |
|
02-Nov-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. am: ddab0bb513 am: 7335397765 * commit '733539776541fa51bddf2d38fb57e556d563d9af': Limit maximum number of concurrent keystore operations.
|
ddab0bb51320af9f277d98a4e36e77ea527503e5 |
|
30-Oct-2015 |
Shawn Willden <swillden@google.com> |
Limit maximum number of concurrent keystore operations. If keystore is allowed to consume all 16 of the keymaster operation table slots, cryptfs may not be able to use keymaster to protect the disk encryption key during a password change. This CL prevents keystore from allowing more than 15 concurrent keystore operations, leaving one available for cryptfs. Bug: 25312003 Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
/system/security/keystore/keystore.cpp
|
f240a412a5ecb9dd104bf8a274d16f1683c2bcd1 |
|
12-Oct-2015 |
Chad Brubaker <cbrubaker@google.com> |
am bc22f8d6: am 410ba59a: Fix failure to save master key on new profile * commit 'bc22f8d63e2ca24ee4ee9d61258d6704bc78724b': Fix failure to save master key on new profile
|
4ada9a3f62bab66a2e7cd4fc05fb208033412980 |
|
10-Oct-2015 |
Nick Kralevich <nnk@google.com> |
am 549adfa1: am 75ddca24: Merge "keystore: log pid and uid when auditing SE Linux denial" * commit '549adfa1d1be5e0fe7753aa8a7fa8c57ecf1bac2': keystore: log pid and uid when auditing SE Linux denial
|
549adfa1d1be5e0fe7753aa8a7fa8c57ecf1bac2 |
|
10-Oct-2015 |
Nick Kralevich <nnk@google.com> |
am 75ddca24: Merge "keystore: log pid and uid when auditing SE Linux denial" * commit '75ddca240244626f8af999fa7fb64d500efa4938': keystore: log pid and uid when auditing SE Linux denial
|
75ddca240244626f8af999fa7fb64d500efa4938 |
|
10-Oct-2015 |
Nick Kralevich <nnk@google.com> |
Merge "keystore: log pid and uid when auditing SE Linux denial"
|
410ba59a76a8feb48ffb5bde3045ac6f76db0c36 |
|
10-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix failure to save master key on new profile New profiles use the master key of the parent user for keystore. Unfortunately copyMasterKey only copies the key from the parent to the user in memory but doesn't save it to disk, causing the child user to be uninitialized after a reboot. Bug: 23889443 (cherry picked from commit 79e0f6440aee69659bc01a0669a329dbaeaf471c) Change-Id: I1f148fde3862d22292dfce217aacdc3f70f9c2ef
/system/security/keystore/keystore.cpp
|
e46b855e51233a33880e35eff9553550dc797754 |
|
02-Oct-2015 |
William Roberts <william.c.roberts@intel.com> |
keystore: log pid and uid when auditing SE Linux denial When debugging SE Linux rules, the pid and uid of the source context are helpful in determining what was involved in generating the policy violation. This information was absent from the keystore logs. To remedy this, we add pid and uid to the logs: avc: denied { exist } for pid=571 uid=1000 ... Change-Id: Ic22128720aa8ac225f26896f9e710783c8ab4f70 Signed-off-by: William Roberts <william.c.roberts@intel.com>
/system/security/keystore/keystore.cpp
|
7a8a436c1dd8a07e1cf718d6a3f59537a7ee6677 |
|
11-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Fix failure to save master key on new profile"
|
79e0f6440aee69659bc01a0669a329dbaeaf471c |
|
10-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix failure to save master key on new profile New profiles use the master key of the parent user for keystore. Unfortunately copyMasterKey only copies the key from the parent to the user in memory but doesn't save it to disk, causing the child user to be uninitialized after a reboot. Bug: 23889443 Change-Id: I73dfa5d8a2ed064762440dca0ee1a0115b291a97
/system/security/keystore/keystore.cpp
|
ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e |
|
09-Sep-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow uid to be passed for more operations This expands get, getmtime, exportKey, getKeyCharacteristics and begin to accept a uid to run as. This is only for system to use keys owned by Wifi and VPN, and not something that can be used to do operations as another arbitrary application. Bug: 23978113 Change-Id: If076d61b0cc9d55e96272e49a58938c3961e2dda
/system/security/keystore/keystore.cpp
|
dbb856e278adb2a1dc05e585a54d80b068247c3c |
|
27-Aug-2015 |
Chad Brubaker <cbrubaker@google.com> |
Remove legacy KM_TAG_CREATION_DATETIME KM_TAG_CREATION_DATETIME is never set anywhere else and the computation leads to an unsigned overflow false positive. Change-Id: I7eca6a975ca2f8b199dfcb4871a1e1d6750afc78
/system/security/keystore/keystore.cpp
|
c2120744da8d0612ad54484b314f94e1e6e3a167 |
|
13-Aug-2015 |
Shawn Willden <swillden@google.com> |
Merge "Wrap incomplete keymaster1 implementations with sw keymaster." into mnc-dr-dev
|
54b1e9ad01c8042a449a9237833a335d6be04e83 |
|
12-Aug-2015 |
Chad Brubaker <cbrubaker@google.com> |
Properly check for Blob max length sizeof(mBlob.value) is incorrect because writeBlob pads up to the next AES_BLOCK_SIZE Bug:22802399 Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
/system/security/keystore/keystore.cpp
|
55268b5b037a8c3537602b1073ad624455d3672d |
|
28-Jul-2015 |
Shawn Willden <swillden@google.com> |
Wrap incomplete keymaster1 implementations with sw keymaster. SoftKeymasterDevice can provide software digesting and padding for keymaster1 implementations that don't provide all of the required digests. This CL modifies keymaster to check for such keymaster1 implementations and add a SoftKeymasterDevice wrapper. The SoftKeymasterDevice work necessary to make this function would have required adding an implementation of the keymaster0 API import_keypair in terms of keymaster1 API calls (import_key). Rather than do that, I instead implemented the relevant keystore function directly on the keymaster1 API. This approach is cleaner than adding the same code into the translation layer, and allows removal of the last vestiges of keymaster0 API usage from keystore. Bug: 22529223 Change-Id: Ie4c7bba7943a549f35df3086dccea001edb5bb2b
/system/security/keystore/keystore.cpp
|
803f37f5d1bf75cb6e0d007f7d473645efd19a1d |
|
29-Jul-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix unchecked length in Blob creation Applications can specify arbitrary blobs using insert(), check their length to prevent overflow issues. Bug:22802399 Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
/system/security/keystore/keystore.cpp
|
2de8b75821bd62c90dde78e2ca78bbddfaf7ab19 |
|
23-Jul-2015 |
Shawn Willden <swillden@google.com> |
Add all digests and padding modes to legacy keys Bug: 22556114 Change-Id: I44fda03305ddd50cb4ba3c6f6b24cfd9c2af9659
/system/security/keystore/keystore.cpp
|
a9a17eeca2f5d9d3101a7e0bb136360697b6e2f0 |
|
17-Jul-2015 |
Chad Brubaker <cbrubaker@google.com> |
Mark 0 length files as corrupt Files created by keystore should never be 0 length however a vendor ran into such a case when testing their keymaster and a side effect of how keystore parses files leads to these keys being considered encrypted and ultimately undeletable. Now mark 0 length files as corrupt in readKey and when deleting a key if the key fails to read in because it was corrupt simply rm the file since it is not possible to feed the key blob to keymaster's delete method. Bug: 22561219 Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff
/system/security/keystore/keystore.cpp
|
b913aa5774c96fae83afe3dd1935394f0edcaaa9 |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Abort operation pruning only if it fails to make space." into mnc-dev
|
700c1a35c52798831b8a8d76a042c4650c6d793f |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Abort operation pruning only if it fails to make space. keystore service's begin operation may sometimes encounter a situation where the underlying device's begin operation fails because of too many operations in progress. In that case, keystore attempts to prune the oldest pruneable operation by invoking the underlying device's abort operation. Regardless of whether the abort operation fails, keystore then removes the operation from the list of in-progress prunable operations. The issue is that when the underlying device's abort operation fails, keystore fails the begin operation that caused all this pruning. This is despite the fact that keystore has managed to make space for one more operation. The fix is to fail the begin operation only if the pruning attempt did not make space for a new operation. Bug: 22040842 Change-Id: Id98b2c6690de3cfb2a7b1d3bdd10742cc59ecbfa
/system/security/keystore/keystore.cpp
|
4e88f9be2b3bb3dcea43f338532882681ee77352 |
|
24-Jun-2015 |
Alex Klyubin <klyubin@google.com> |
Don't ignore errors from begin operation. This fixes a bug introduced by 9221bff2f13451ef330135bb32ea96de2a8b09cc which invoked authorization checks after begin operation, while ignoring any errors returned by that operation. This CL restores the correct order: authorization checks are followed by begin operation. Bug: 22039986 Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
/system/security/keystore/keystore.cpp
|
9221bff2f13451ef330135bb32ea96de2a8b09cc |
|
19-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add keymaster authorization policy enforcement to keystore. Bug: 19511945 Change-Id: I76c04e8d3253ba490cedac53bbc75943ec68df1d
/system/security/keystore/keystore.cpp
|
84c14f0957b365fd33534b88b7eec97b287b67b9 |
|
18-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Remove exist check from doLegacySignVerify" into mnc-dev
|
df70517b8d85b30e6ac7001ec68348f07d5129cb |
|
18-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Remove exist check from doLegacySignVerify exist requires the keystore exist permission which callers of sign/verify may not have. Instead log key not found if begin returns ::KEY_NOT_FOUND. Bug: 21658885 Change-Id: I8c42f3a636a248e3fb1f0344bf32667fce57f667
/system/security/keystore/keystore.cpp
|
b2ffa420da26414379b31807eec76ec8c9f3b0a9 |
|
17-Jun-2015 |
Shawn Willden <swillden@google.com> |
Don't check authorizations for pubkey operations. Bug: 21877150 Change-Id: I43dafb66fc3246f4d8e3bf4743fbdcbe072468d1
/system/security/keystore/keystore.cpp
|
773a2ba83309dc531c5a4b61ec0658bd6ee67dab |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Track keymaster method changes Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/keystore.cpp
|
3a7d9e626fa6c0e116c07be912c319aad6e08614 |
|
05-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Rewrite legacy methods in terms of new methods Rewrite generate, import, get_pubkey, sign and verify using the new keymaster 1.0 methods (generateKey, exportKey, and begin/update/finish). This also removed DSA support from generate and import. Change-Id: I6c6baec4aa86325a2b9c171b9883ba5a0b47236e
/system/security/keystore/keystore.cpp
|
3cc40125e8b495e7f0784dad53bb9acdb5b9a8eb |
|
04-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow keymaster 0.3 keys to interop with keymaster 1.0 methods Keymaster 0.3 keys are all valid keymaster 1.0 keys, so allow get to return a keymaster 0.3 when looking for a 1.0 key to allow new methods to work on old keys. Change-Id: I20a32e39769a548224bcca7a42ef967285431c5d
/system/security/keystore/keystore.cpp
|
f82cd5c843faddb89156d331c8d96522878a0524 |
|
04-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add optional additional entropy to finish" into mnc-dev
|
0d33e0babec356b1e69f1f15e8d9fe2ad878762c |
|
29-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add optional additional entropy to finish If provided the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED. (cherry-picked from commit 8cfb8ac6e9bd291e9d861a32de2719e3bc797191) Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/keystore.cpp
|
8c683b98e0b7ed1aa319f727f1d87ba5c410b30b |
|
03-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Use keymaster adapter to support older devices" into mnc-dev
|
57e106dc183744cdc05c62bea11bc285b3346846 |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Track keymaster method changes Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/keystore.cpp
|
bd07a239085228c25898bc6cdece8b1b8758df83 |
|
01-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use keymaster adapter to support older devices The keymaster adapter wraps the hardware module to allow keystore to call the new keymaster methods on it and continue using old keys created by that device with the new methods. Change-Id: Ica08d81c3707023d378ad5fe6562dc642f58ca90
/system/security/keystore/keystore.cpp
|
8cfb8ac6e9bd291e9d861a32de2719e3bc797191 |
|
29-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add optional additional entropy to finish If provided the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED. Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/keystore.cpp
|
e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state. (cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9) Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/keystore.cpp
|
9bee6bd6335d6e82f8227ba2c268d31361b048fc |
|
15-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Cleanup keystore API"
|
c0f031a867a6c3fa05732fcd72bd284d56073cf8 |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods. (cherry-picked from commit fd777e7111ce01c672706867302db08371e5afce) Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/keystore.cpp
|
72593ee807e89239d98ae08d32c733ecc08203ba |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Refactor uids to user ids where appropriate UserState related methods previously took uid's while the state was based on userId, with the new keystore methods taking userIds start moving everything in that direction. (cherry-picked from commit 4efce0dc62b5b6bf60c192a8c3e14ae341bf1f8b) Change-Id: I075e973e2403575ba67e8e7a8c331a6c6f7e88e4
/system/security/keystore/keystore.cpp
|
8df5438982209eecb04921b0202dc9ad11e9c31d |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix missing ALOG argument Change-Id: If0dca499c884100f296d38bcde7183b186bca44c
/system/security/keystore/keystore.cpp
|
9443616391a705856b2cad026afb69dc23a346e9 |
|
13-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup keystore API Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state. Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/keystore.cpp
|
fd777e7111ce01c672706867302db08371e5afce |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add onUserAdded/Removed methods These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods. Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/keystore.cpp
|
4efce0dc62b5b6bf60c192a8c3e14ae341bf1f8b |
|
12-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Refactor uids to user ids where appropriate UserState related methods previously took uid's while the state was based on userId, with the new keystore methods taking userIds start moving everything in that direction. Change-Id: I075e973e2403575ba67e8e7a8c331a6c6f7e88e4
/system/security/keystore/keystore.cpp
|
eecdd12d83b3a602ecbfaee71dd85aa678eb8c99 |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic. Replace password with notifyUserPasswordChanged for password changes, unlock should now be used to unlock keystore instead of calling password with the current password. When the user removes their password now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set. (cherry-picked from commit 96d6d7868303ad87f1f408c40d3c44bcb39f561e) Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/keystore.cpp
|
96d6d7868303ad87f1f408c40d3c44bcb39f561e |
|
07-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Cleanup password change and removal logic. Replace password with notifyUserPasswordChanged for password changes, unlock should now be used to unlock keystore instead of calling password with the current password. When the user removes their password now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set. Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/keystore.cpp
|
b37a52337f001f8a43f7cbb64203dba78560ee6b |
|
01-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix permission check in reset_uid and clear_uid System should be able to call these methods with any targetUid. (cherry picked from commit 01771ae9db7338377317d82e9c7d8dfa2d4299a8) Bug: 20752184 Change-Id: Ieaeb2fa44b979970640abbd91c1d8a84f7c62b1f
/system/security/keystore/keystore.cpp
|
01771ae9db7338377317d82e9c7d8dfa2d4299a8 |
|
01-May-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix permission check in reset_uid and clear_uid System should be able to call these methods with any targetUid. Bug: 20752184 Change-Id: Ieaeb2fa44b979970640abbd91c1d8a84f7c62b1f
/system/security/keystore/keystore.cpp
|
0400675b20e36b976ec13b63e290e6d5d19bf654 |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Enable SoftKeymasterDevice logging. Bug: 20717652 Change-Id: I2397e5cd906d45515a0b2a5591705f458c1aceb0 (cherry picked from commit 2764f8672d22ccfb4ed588ce567ef093c7d3e013)
/system/security/keystore/keystore.cpp
|
9e5016af70cf40f3f443196133d711e28297cdde |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Enable SoftKeymasterDevice logging. Bug: 20717652 Change-Id: I2397e5cd906d45515a0b2a5591705f458c1aceb0
/system/security/keystore/keystore.cpp
|
9fd05a9a6299e9688c8fcf755516ea254868d187 |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Use SoftKeymasterDevice::keymaster_device rather than casting. Also document that SoftKeymasterDevice should not be freed. Change-Id: I027f137b0ffd474bb4b429691fe87eef6338b723 (cherry picked from commit 47a79ffad8333120870cb613fa4e75990b073026)
/system/security/keystore/keystore.cpp
|
ef572b648ef26b3348fcbd7c75a8d13292bd094b |
|
30-Apr-2015 |
Shawn Willden <swillden@google.com> |
Use SoftKeymasterDevice::keymaster_device rather than casting. Also document that SoftKeymasterDevice should not be freed. Change-Id: I027f137b0ffd474bb4b429691fe87eef6338b723
/system/security/keystore/keystore.cpp
|
7169a8470f6539036addf3c960b075af224e83e2 |
|
30-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix addOperationAuthTokenIfNeeded lookup (cherry picked from commit 6b541163b3f3271f48e6ff74d1f1da64c6bb8802) Bug: 20702036 Change-Id: I4caa9f7a6e6e2b05f63b12180a5af65d3a5c0bac
/system/security/keystore/keystore.cpp
|
6b541163b3f3271f48e6ff74d1f1da64c6bb8802 |
|
30-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix addOperationAuthTokenIfNeeded lookup Bug: 20702036 Change-Id: I08038ba0ee9e3a35f6c37ce572df284be728b4a7
/system/security/keystore/keystore.cpp
|
0cf34a249c008743cf2e2371743a89f86aa4b03c |
|
23-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Move auth token checking to begin Auth tokens will now be checked on begin and then used for all subsequent calls for that operation, this means that things like auth timeouts will only be checked on begin, and operation that starts at timeout - .00001 will now be able to be used to completion. One exception to this is keys that use per operation authorization. Begin for these operations must succeed so that the application gets a handle to authorize. For those keys if the application calls update before authorizing the operation the call will fail. For these keys begin will return OP_AUTH_NEEDED so let the caller know more work is needed before using the operation. (cherry picked from commit aebbfc2ba548064e4f537154bab6ec60dfe4115e) Change-Id: I3da4f93a076c0ed2d8630ca8cd1608e9bad2c2ff
/system/security/keystore/keystore.cpp
|
aebbfc2ba548064e4f537154bab6ec60dfe4115e |
|
23-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Move auth token checking to begin Auth tokens will now be checked on begin and then used for all subsequent calls for that operation, this means that things like auth timeouts will only be checked on begin, and operation that starts at timeout - .00001 will now be able to be used to completion. One exception to this is keys that use per operation authorization. Begin for these operations must succeed so that the application gets a handle to authorize. For those keys if the application calls update before authorizing the operation the call will fail. For these keys begin will return OP_AUTH_NEEDED so let the caller know more work is needed before using the operation. Change-Id: I5dda40803e7b2aecac27defc64d6d3f630d3f0d0
/system/security/keystore/keystore.cpp
|
57430977cf7b758a4fe955933e32c5d2d44574b2 |
|
17-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am c598fab3: am d914f657: am 7a4dd551: Merge "Flush the auth token table on resetUid" * commit 'c598fab3ae8e363f84e2d6f41dd6511e27df240f': Flush the auth token table on resetUid
|
bbc7648d285f67b898d24d307b011fb676ba6643 |
|
17-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Flush the auth token table on resetUid This prevents old stale auth tokens from sticking around after clearing. Change-Id: I92e48b6d8cdba92cbc70f718cb45a4d96bd12900
/system/security/keystore/keystore.cpp
|
7e6916b6c6019f0f61a4ef757863ca16693128f5 |
|
15-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am a1581c4e: am 83ee2e7a: am f1b8f6bf: Merge "Refactor permission and state checking" * commit 'a1581c4e1778b31d4fd8cfe9a1219b93d5276df2': Refactor permission and state checking
|
9489b7905acfb27a99dd505364a715f4cf2ab5e6 |
|
14-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Refactor permission and state checking Move the permission checking code to checkBinderPermission and checkBinderPermissionOrSelf target to simplify permission checking code and clean up keystore methods. Also adds checkBinderPermissionAndKeystoreState as a helper method to check the permission and the unlock state of the keystore. Change-Id: I77c94af1593d2a7fd100c79a6364583067ffa559
/system/security/keystore/keystore.cpp
|
87f0b385a188db1df285c0ce820b7e2ab43e1e1c |
|
10-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 8c6319b6: am cf0de02b: am 368a1f93: Merge "Store the key characteristics for operations" * commit '8c6319b69c51102a0fae3baba0585130e278edab': Store the key characteristics for operations
|
ad6514ab7a57504aa3b04bcc383f60940b923710 |
|
09-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Store the key characteristics for operations Instead of storing the key blob and parsing the characteristics out, which some implementations might not support, instead call get characteristics on begin and store that result for subsequent auth calls. Change-Id: I75e39ee28cc440e4ed411b2daaa2744085e1aa12
/system/security/keystore/keystore.cpp
|
eeb99fe1b42c7b4f8298c464cc532994b8531031 |
|
01-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am dbc0be0a: am a6aa6000: am c1e78258: Merge "Add auth token fetching" * commit 'dbc0be0a3efb02221913d03ac7dcf9f3832ac06b': Add auth token fetching
|
a197d3377a1672439023b9509e402a5abeea8e21 |
|
01-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 7fffb19f: am 12ef4ba4: am 8c195ad7: Merge "Implement addAuthToken" * commit '7fffb19f1a0f6da7c051299b6a69504f7078ab20': Implement addAuthToken
|
06801e0a7ccabbe8f22cff29b7edb7c7d02d7692 |
|
01-Apr-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add auth token fetching Auth tokens are now fetched from the table in begin update and finish if needed. Begin will not fail on a missing/expired auth token since some authorization requires a valid operation handle. This doesn't yet do any enforcement of the token beyond what the auth token table does, that should happen in the keymaster auth code when it is done. This also includes the key in the operation map since authorization works based off that and not the handle. Change-Id: I62a395b74a925b819f4cde75ae3bfab8b8928cd1
/system/security/keystore/keystore.cpp
|
d80c7b487b2f7f0bf955d0efeaa3db6dcd160639 |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement addAuthToken Change-Id: I7f7647d9a36ea453ec6d62fc84087ca8f76e53dd
/system/security/keystore/keystore.cpp
|
46552e74f266f3998e42d45d2d13eb1b44a7a01c |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 026efd18: am eeb4e1e1: am 96cf1b1e: Merge "Include operation handle in OperationResult" * commit '026efd182ec465169dde8879d2717be580e15846': Include operation handle in OperationResult
|
96cf1b1ee907696cc4342c1b4992c657d0b6aa33 |
|
31-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Include operation handle in OperationResult"
|
36d1b897161385479d511b3c416dc81058e34221 |
|
30-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 534b1800: am ec129679: am 41efb6a5: Merge "Add authorization binder methods" * commit '534b1800f39b5b72de641cf7f3271bf9cd77ef4d': Add authorization binder methods
|
41efb6a58c7efd63d3493f9095284c74ed363d46 |
|
30-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add authorization binder methods"
|
2a36a4f1d738185619b9aa48260fb34a39d04c37 |
|
28-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 3b8021da: am 56cba306: am 1cee95d5: Merge "Allow entropy to be provided to some operations" * commit '3b8021da70494509b46be903a8624a911e63ae08': Allow entropy to be provided to some operations
|
154d7699cc30ef5156d6497258c4dd350fcb1286 |
|
27-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Allow entropy to be provided to some operations generateKey and begin can now optionally take an array of bytes to add to the rng entropy of the device before the operation. If entropy is specified and the device does not support add_rng_entropy or the call fails then that device will not be used, leading to fallback or error depending on the situation. Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/system/security/keystore/keystore.cpp
|
bb219bcfcc868cd2a52483e32a5c33412ede83d3 |
|
25-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am f44043da: am d020cf7f: am e3ec7541: Merge "Make client/app ids objects in the binder API" * commit 'f44043daf3ea073823b10f535b237b3ab624a291': Make client/app ids objects in the binder API
|
d663442b590b59250062335cc057478001b8e439 |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Make client/app ids objects in the binder API Previously a null client/app id was translated into a blob with length=0, data=NULL, but this was a bit janky and required null ids to be set on key creation/import. Change-Id: I27607a50f4dc5a898625b569f5293369f0039eba
/system/security/keystore/keystore.cpp
|
2ed2baa7de690b09430b40625e6b18d10757a2fd |
|
22-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add authorization binder methods Add methods for sending an auth token to keystore and to query the authorization state of a given operation. These methods are currently stubs until authorization is implemented. Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
/system/security/keystore/keystore.cpp
|
c3a1856bbe2e39d5b3430f5f088b12fd710a159f |
|
18-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Include operation handle in OperationResult Some authorization code needs to know the actual underlying operation handle, not simply a reference to it, so return it in case it is needed. Note that the handle cannot be used by the application to reference an operation. Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
/system/security/keystore/keystore.cpp
|
47f8edd24cf93a7e9dda01da82e8a579dc3be3f2 |
|
17-Mar-2015 |
Alex Klyubin <klyubin@google.com> |
am bf9efff8: am 3bfd091a: Merge "Implement keymaster 1.0 crypto operations" * commit 'bf9efff8dc8b9c6b48ca2b487c0f9c4a287733f2': Implement keymaster 1.0 crypto operations
|
e4af5e6bb0a6d393b0e5cac2978366de0a23f3d8 |
|
17-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 6ee02f24: am f394e372: Merge "Implement keymaster 1.0 export_key method" * commit '6ee02f24e40223b51c6e66d0f7d527f9e4f3e622': Implement keymaster 1.0 export_key method
|
944befbec268f0094c3c174156187066737d187d |
|
17-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 86466698: am b4e09c2d: Merge "Implement keymaster 1.0 import_key method" * commit '864666987be48548d1077a2aa780b1cacb950657': Implement keymaster 1.0 import_key method
|
40a1a9b306d4e3c85b24f80ff39841507cf42357 |
|
20-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 crypto operations Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/keystore.cpp
|
07b0cda3b14d16205ce3040d00bc18d15eda5fdc |
|
19-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 export_key method Change-Id: I2a87cb61c340a099cc98d1a2db9e7390fb001b5d
/system/security/keystore/keystore.cpp
|
4c353cb98e52e2ea8f051b517fec064f1d3fa99f |
|
11-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 import_key method Change-Id: I5bc24bc3177c6fc88141a42ed4d6a7a3d42e2c2f
/system/security/keystore/keystore.cpp
|
49185e7f39bcf8c79360a924fc405ebd4c1a70b0 |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 2ca97bcd: am af3e993d: Merge "Implement keymaster 1.0 get_key_characteristics method" * commit '2ca97bcd70bd55a5bf75f1ed8e836bdc876c8c9d': Implement keymaster 1.0 get_key_characteristics method
|
af3e993d459791f77feb66756bc2ac21d46a052a |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Implement keymaster 1.0 get_key_characteristics method"
|
f06a45374c63e11631e124dbb3199dda206e595b |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 48c45fec: am f24ee2bb: Merge "Removed unused variables" * commit '48c45fec70722c0afd9af7e98b868bd0aa952ec8': Removed unused variables
|
db38ca0e0493b97597041cf1032976c46f4a12bd |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Removed unused variables Change-Id: Ie2d46b2a864c9b0e75f4a055f2cc68810c16e763
/system/security/keystore/keystore.cpp
|
9c9cb2f32cc9e78a647411aae8bc24dfb02710ef |
|
16-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am fc0bc737: am 1bc16e46: Merge "Implement keymaster 1.0 generate_key method" * commit 'fc0bc7374ff769fd069e7fb0f4e4f7643b52916a': Implement keymaster 1.0 generate_key method
|
6cce2c3420458fe7a29da6b6c7e6a246017dac3b |
|
11-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 629d2d27: am f9a96d81: am b0f70423: Merge "Implement keymaster 1.0 add_rng_entropy" * commit '629d2d27f44798e3cf58f4671560ac04c4b59fe7': Implement keymaster 1.0 add_rng_entropy
|
67d2a5029e8c25c5ee448e3bbd245cdcebe6abd3 |
|
11-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Revert "Fix build: Revert "Use keymaster 1.0 softkeymaster"" This reverts commit d48cb24f77c1ddf8034c9aac4f5046f0f0c3f91f. Change-Id: I774a418f30b1f57fbccdb06efe242b0212370f02
/system/security/keystore/keystore.cpp
|
f3f071fc5020fa5255f49e898a7c4a1cbf824a99 |
|
11-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 get_key_characteristics method Change-Id: I02e1ff4ef67f5e3dcd34453ac2a16218961a03bf
/system/security/keystore/keystore.cpp
|
17d68b9520e66226f1c7b2e1b3bd183ac80ca58b |
|
06-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 generate_key method Change-Id: Ib63de5d9ee8da60599af2e644122ac6777720c8c
/system/security/keystore/keystore.cpp
|
d48cb24f77c1ddf8034c9aac4f5046f0f0c3f91f |
|
11-Mar-2015 |
Ed Heyl <edheyl@google.com> |
Fix build: Revert "Use keymaster 1.0 softkeymaster" This reverts commit 919cb2a5a9dabd61cb02eff7a589f9f1f0f793ee.
/system/security/keystore/keystore.cpp
|
a909f80ddbe2174e223cf5266156eb2b9c4a0faf |
|
10-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
am 0d03a496: am bb196a1b: am 1b0fbce9: Merge "Use keymaster 1.0 softkeymaster" * commit '0d03a496110f58f28a85e4d1e5e8640fcc589c61': Use keymaster 1.0 softkeymaster
|
9c8612c88dc03dc52d85e7a482453e04e7e3e2a2 |
|
09-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Implement keymaster 1.0 add_rng_entropy Change-Id: Ib027930049dec289b62e45eaa6cad32c03d9556c
/system/security/keystore/keystore.cpp
|
efd601baf982e17c09f581d6a462c0de046acd9a |
|
08-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
resolved conflicts for merge of 41ceb7db to master Change-Id: I72c429dbf30f3313ca12ccee3cceb7ff6e49f719
|
919cb2a5a9dabd61cb02eff7a589f9f1f0f793ee |
|
06-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use keymaster 1.0 softkeymaster This changes the fallback device to the new keymaster 1.0 softkeymaster as well as changes keystore to use keymaster1_device_t's everywhere internally. It is safe to cast a keymaster0_device_t* to a keymaster1_device_t* and access all the keymaster0 methods, but all keymaster 1.0 method calls on the hardware device MUST check that the device version is >= keymaster 1.0. Change-Id: I6a5906da774f774723c14ea71f69b1c1efcc5a33
/system/security/keystore/keystore.cpp
|
9899d6b392e8223c3c00bfccadd43b18cdc96b4f |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 1.0 binder methods Add all the serialization required for the new keystore binder API to support keymaster 1.0. The keystore methods themselves are left as stubs, will be filled in in later commits. Change-Id: Ibb5855dba879ae35c375c087c54d1bcdca53163f
/system/security/keystore/keystore.cpp
|
b060ae059cb9f891af49e93aa0d546b2e5a838a8 |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Revert "Add Keymaster 0.4 binder methods""
|
6266c9670154d33488c2d31d1715b2a35f5e631b |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Revert "Add Keymaster 0.4 binder methods" This reverts commit c5b1ae13eca39a1f63cc690369d1eee445d3c399. Change-Id: Ib46a54493c332811c0aa84aa7c1cf12938daedbe
/system/security/keystore/keystore.cpp
|
cbafa3d3c4cd39118380af2076b6eab12d6beedf |
|
05-Mar-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Add Keymaster 0.4 binder methods"
|
80843db63ed6b61c953a1243801117a15c9e8c38 |
|
24-Feb-2015 |
Shawn Willden <swillden@google.com> |
Separate keymaster0 and keymaster1 HALs. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/security/keystore/keystore.cpp
|
a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498a |
|
24-Feb-2015 |
Shawn Willden <swillden@google.com> |
Separate keymaster0 and keymaster1 HALs. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/security/keystore/keystore.cpp
|
c5b1ae13eca39a1f63cc690369d1eee445d3c399 |
|
03-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add Keymaster 0.4 binder methods Add all the serialization required for the new keystore binder API to support keymaster 0.4. The keystore methods themselves are left as stubs, will be filled in in later commits. Change-Id: I52f36c92f6398c71b0ec6b4c8afbffbd226e0afe
/system/security/keystore/keystore.cpp
|
409350fe9d13f2b663a757e1384084856d279467 |
|
23-Feb-2015 |
Alex Klyubin <klyubin@google.com> |
Merge "Initialize the blob struct before using it."
|
7c1eb75a6898452867ca28a4d7fad2d91edca615 |
|
20-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix incorrect keymaster device usage. importKey's fallback code used mDevice instead of mFallbackDevice when falling back to software. Causing a crash. Change-Id: Ic53bdbce9ae0d242ed958323c505cbf91372e421
/system/security/keystore/keystore.cpp
|
1773b442b16098c6d111d6371d4a986a0747992b |
|
20-Feb-2015 |
Alex Klyubin <klyubin@google.com> |
Initialize the blob struct before using it. Bug: 19457895 Change-Id: Ie69cf9c5c8e6707b9e6d4ded5118775496df4bb9
/system/security/keystore/keystore.cpp
|
c3d14005892efde05a7abdb476d7ffcd79fe5ff4 |
|
12-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Merge "Use a keystore_device for fallback to softkeymaster"
|
fc18edcdfe2f7774e621030d51338f3216170b97 |
|
13-Jan-2015 |
Chad Brubaker <cbrubaker@google.com> |
Use a keystore_device for fallback to softkeymaster Makes the fallback to the software keymaster code cleaner and removes direct calls to the fallback methods to make changing the implementation easier. Change-Id: I24f91f159744991d25aa3ce0638fc3d16284aeb2
/system/security/keystore/keystore.cpp
|
aaf9802da6cea710e0777abb852724e1825cad63 |
|
25-Jan-2015 |
Elliott Hughes <enh@google.com> |
Include <strings.h> for ffs. No pun intended. Change-Id: I89b2c73af143053223f8116e65456f85f09fb591
/system/security/keystore/keystore.cpp
|
50ad778dc24adbd2cb9c79ed4bf312b9fff17865 |
|
26-Sep-2014 |
Robin Lee <rgl@google.com> |
am 90c47791: Merge "Delete user\'s keys only after keystore reset" into lmp-dev * commit '90c4779146c9ac154fe85cd6a0775f8e1fc29be8': Delete user's keys only after keystore reset
|
90c4779146c9ac154fe85cd6a0775f8e1fc29be8 |
|
26-Sep-2014 |
Robin Lee <rgl@google.com> |
Merge "Delete user's keys only after keystore reset" into lmp-dev
|
4b84fdc21457e16b08dc2738f4744c9ca7f7cc46 |
|
24-Sep-2014 |
Robin Lee <rgl@google.com> |
Delete user's keys only after keystore reset Original behaviour deletes all keys on the device, not just those for the caller. We use the clear_uid routine to call delete_keypair on all known keys instead. Bug: 17403144 Change-Id: If43465ed593153a557b2129968a3adf12d2749cb
/system/security/keystore/keystore.cpp
|
eb819f75ae440b39b441cff73808df5641286139 |
|
26-Sep-2014 |
Kenny Root <kroot@google.com> |
am a39da5a2: Fallback to software keystore on import_key failure * commit 'a39da5a226975f8b75f93de255a21d526ae8d334': Fallback to software keystore on import_key failure
|
a39da5a226975f8b75f93de255a21d526ae8d334 |
|
25-Sep-2014 |
Kenny Root <kroot@google.com> |
Fallback to software keystore on import_key failure This is to allow keymaster HAL 0.3 types to be able to fallback when they don't support DSA or EC keys. Bug: 17576126 Change-Id: I7e1e806e26fb61e2cd033d7d3a2c09560764ca42
/system/security/keystore/keystore.cpp
|
f33c72fcd7b8e599e5d3d096ea3912fa3c53ff07 |
|
12-Sep-2014 |
Kenny Root <kroot@google.com> |
am 31e27468: isEmpty checks all files like reset * commit '31e27468b6d822adbd2aec9219a68c206aa6957c': isEmpty checks all files like reset
|
31e27468b6d822adbd2aec9219a68c206aa6957c |
|
10-Sep-2014 |
Kenny Root <kroot@google.com> |
isEmpty checks all files like reset Since reset deletes all files in a user directory, change isEmpty to also look at all files in the directory. This makes the two symmetric. Bug: 16935053 Change-Id: Id30685203f4b5484d757022ee971f8d877c15263
/system/security/keystore/keystore.cpp
|
9e0c0a784e4c94d7b829b5837bdad10076f06e98 |
|
04-Sep-2014 |
Chih-Hung Hsieh <chh@google.com> |
am f583a75c: Merge "Comment out unused parameter." * commit 'f583a75c0940218c3df0170b514bcba1c992aecf': Comment out unused parameter.
|
a25b2a397fff48dea7bce16af2065e6f5f043956 |
|
03-Sep-2014 |
Chih-Hung Hsieh <chh@google.com> |
Comment out unused parameter. BUG: 17281763 Change-Id: I1881e31893cd2d84389e4b29a4408d58654c20ca
/system/security/keystore/keystore.cpp
|
4e865753346fc6a075966972a7a98051818859db |
|
19-Aug-2014 |
Robin Lee <rgl@google.com> |
APIs for syncing password between profiles Bug: 16233206. Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/system/security/keystore/keystore.cpp
|
b224f0ae07dd86cd7493bd497e1174db52b3782d |
|
12-Aug-2014 |
Robin Lee <rgl@google.com> |
Correct double-convert from uid to userid This was making readMasterKey and writeMasterKey always operate on user 0, because of a double-division - getUserState(*) already takes into account that the argument is a uid. Fixes a number of issues related to multi-user and keystore; works toward fixing bug 16233206. (cherry picked from commit 50122db50bcb6c1aab50ef235c8f9d264b50e97a) Change-Id: Ia1434fd0d076b0c36d383ff7390b17c78d7811b5
/system/security/keystore/keystore.cpp
|
50122db50bcb6c1aab50ef235c8f9d264b50e97a |
|
12-Aug-2014 |
Robin Lee <rgl@google.com> |
Correct double-convert from uid to userid This was making readMasterKey and writeMasterKey always operate on user 0, because of a double-division - getUserState(*) already takes into account that the argument is a uid. Fixes a number of issues related to multi-user and keystore; works toward fixing bug 16233206. Change-Id: Ia1434fd0d076b0c36d383ff7390b17c78d7811b5
/system/security/keystore/keystore.cpp
|
a62474699a202588609d7051e677f23734151900 |
|
01-Aug-2014 |
Kenny Root <kroot@google.com> |
Merge "keystore: allow system to clear keys even while encrypted" into lmp-dev
|
931fac098f2ae35aa1da26ced57962c9a21f95cf |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: fully reset user keystore on request The reset was improperly skipping the .masterkey file which left keystore in a "LOCKED" state next time it was started up. The .masterkey should have been deleted to leave it in the requested "UNINITIALIZED" state next time it started. It looks like some logic was left over to check the UID to see if it matches the current user. Currently there's no way to have a UID in the user directory that doesn't match the current user. (cherry picked from commit a71c9d6bb8b12b38a12fcd18321eb67e3b974be8) Bug: 13886753 Change-Id: Icd3a1a55153a0dd28a26d51a5ae7f6de1a7da043
/system/security/keystore/keystore.cpp
|
007cb236ada4b3d70815f03dd07116a5e187f4dd |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: allow system to clear keys even while encrypted Since we can store keys that are unencrypted, we should allow the clearing of data for apps when the keystore is still in a LOCKED state. Also allow the system user to delete keys since this is necessary for system maintenance when application data is cleared or the application is uninstalled. (cherry picked from commit e17c25459fc0f200134e10a1aaef12fa8f930f04) Bug: 15751553 Change-Id: Id02bc9992bd529e79be7a09d2bce208942d42b84
/system/security/keystore/keystore.cpp
|
cf5a7fc9fbaa8a084fb874ad2d6780c6914cd278 |
|
01-Aug-2014 |
Kenny Root <kroot@google.com> |
Merge "keystore: fully reset user keystore on request"
|
e17c25459fc0f200134e10a1aaef12fa8f930f04 |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: allow system to clear keys even while encrypted Since we can store keys that are unencrypted, we should allow the clearing of data for apps when the keystore is still in a LOCKED state. Also allow the system user to delete keys since this is necessary for system maintenance when application data is cleared or the application is uninstalled. Bug: 15751553 Change-Id: Id02bc9992bd529e79be7a09d2bce208942d42b84
/system/security/keystore/keystore.cpp
|
a71c9d6bb8b12b38a12fcd18321eb67e3b974be8 |
|
31-Jul-2014 |
Kenny Root <kroot@google.com> |
keystore: fully reset user keystore on request The reset was improperly skipping the .masterkey file which left keystore in a "LOCKED" state next time it was started up. The .masterkey should have been deleted to leave it in the requested "UNINITIALIZED" state next time it started. It looks like some logic was left over to check the UID to see if it matches the current user. Currently there's no way to have a UID in the user directory that doesn't match the current user. Bug: 13886753 Change-Id: Icd3a1a55153a0dd28a26d51a5ae7f6de1a7da043
/system/security/keystore/keystore.cpp
|
eaabae9bf8ff0873b0ece2a835f71ee6c6b49437 |
|
30-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add calls for SELinux MAC checks in keystore. Add call to SELinux in the has_permission function call. Add mapping of permission to string used by SELinux. The SELinux rules currently mirror those currently defined in keystore.cpp. Change-Id: I5bfa92bb88f5ed4bf574434abdf28b54eef91a6d
/system/security/keystore/keystore.cpp
|
66dbf67dd65b4808a15ef64f0ffde1275bdd58a9 |
|
30-Jun-2014 |
Nick Kralevich <nnk@google.com> |
Revert "Add calls for SELinux MAC checks in keystore." getcon fails if SELinux is disabled. Revert for now until a more appropriate fix is made. This reverts commit 0e542d0b849a42b6641bf64fd87c7076c98b73d1. Bug: 15945719 Change-Id: Ifa24608b374ea3dc8b5569a5cd214db823a00f26
/system/security/keystore/keystore.cpp
|
0e542d0b849a42b6641bf64fd87c7076c98b73d1 |
|
19-Jun-2014 |
Riley Spahn <rileyspahn@google.com> |
Add calls for SELinux MAC checks in keystore. Add call to SELinux in the has_permission function call. Add mapping of permission to string used by SELinux. The SELinux rules currently mirror those currently defined in keystore.cpp. Change-Id: I3893a25c50b24396b4198ec8b949eee045987ae8
/system/security/keystore/keystore.cpp
|
1d448c074a86ef5d05a22fdf1358718976628a86 |
|
21-Nov-2013 |
Kenny Root <kroot@google.com> |
Add support for specifying which key types are supported Change-Id: Ia5a331868ea3e09891c52bbabc2942554253c458
/system/security/keystore/keystore.cpp
|
c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5 |
|
06-Dec-2013 |
haitao fang <haitao.fang@sonymobile.com> |
Fix the Vector erase bug In the Vector traversal and delete operation, we can't move to the next item when we use the erase function. Change-Id: I9accfb7f109f73dcec900b666077120235bf7ef1
/system/security/keystore/keystore.cpp
|
6489e02e134e4779d35c4a340ff68ad445fde133 |
|
02-Dec-2013 |
Matteo Franchin <matteo.franchin@arm.com> |
Use %zu, %td for size_t, ptrdiff_t, respectively. Changing ALOG format strings to %zu (for one size_t integer) and to %td (for a couple of pointer differences). These changes are necessary when compiling for LP64 architectures. Change-Id: I9bb667500af1b82c360f0fc84e50d70bd46cba6e Signed-off-by: Matteo Franchin <matteo.franchin@arm.com>
/system/security/keystore/keystore.cpp
|
72f6fde4563f9e5f2aff8211a54342d752aa7029 |
|
16-Oct-2013 |
Kenny Root <kroot@google.com> |
resolved conflicts for merge of 1a023f89 to klp-dev-plus-aosp Change-Id: I61c3d1ea509adc54b85bb6bb11350b6c466a8608
|
fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbc |
|
15-Oct-2013 |
Kenny Root <kroot@google.com> |
Fix some spots where targetUid was missed Some of the targetUid arguments weren't used where they should have been. Change-Id: Ief5df897440ddfb572feb57026a6057d64c7c09b
/system/security/keystore/keystore.cpp
|
f90361244bacff74988fdcd33bc986e143860b10 |
|
09-Oct-2013 |
Kenny Root <kroot@google.com> |
am ee8068b9: Set encrypted flag when appropriate * commit 'ee8068b9e7bfb2770635062fc9c2035be2142bd8': Set encrypted flag when appropriate
|
ee8068b9e7bfb2770635062fc9c2035be2142bd8 |
|
07-Oct-2013 |
Kenny Root <kroot@google.com> |
Set encrypted flag when appropriate "generate" and "put" were not setting the encrypted flag in the blob written to disk. Add setting the flag whenever appropriate for these functions. Additionally, the master key should always be encrypted. Bug: 11113056 Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
/system/security/keystore/keystore.cpp
|
dc3b74f61eb0aa00bfcc6e2679338d5c7ba4bc97 |
|
11-Sep-2013 |
Kenny Root <kroot@google.com> |
am ace0b422: Merge "Use canonical UniquePtr.h header" * commit 'ace0b4229a8ad6682e4439e3853de923c91628dc': Use canonical UniquePtr.h header
|
26cfc08add3966eca5892e3387cf5ed6dc3068fb |
|
11-Sep-2013 |
Kenny Root <kroot@google.com> |
Use canonical UniquePtr.h header Change-Id: Iab1dc428c2330a07a5944a1cfbb25c8134b11950
/system/security/keystore/keystore.cpp
|
70f16c198320a36bde1c2fe522ce26bd963ec920 |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. (cherry picked from commit 1b0e3933900c7ea21189704d5db64e7346aee7af) Bug: 10600582 Change-Id: I52418ade881d053229dd3c1d0cf438823468b51b
/system/security/keystore/keystore.cpp
|
b4d2e0233f6aeb69d4c2a216830709040e52366e |
|
04-Sep-2013 |
Kenny Root <kroot@google.com> |
Provide fallback for keymaster implementations Some implementations won't support ECDSA or DSA, so provide a fallback for them by using the softkeymaster implementation. This will allow us to universally support ECDSA and DSA on all platforms regardless of HAL version. (cherry picked from commit 17208e0de5a42722901d803118745cca25fd10c1) Bug: 10600582 Change-Id: Ic02102cb2b7f66e2ad3469f4edd9d03c4ae3fdf4
/system/security/keystore/keystore.cpp
|
86b16e8c0d353af97f0411917789308dba417295 |
|
09-Sep-2013 |
Kenny Root <kroot@google.com> |
Move key name creation to common path Bug: 10676015 Change-Id: I781e142217959a8a068844b9cb041282b8ae2a74
/system/security/keystore/keystore.cpp
|
1b0e3933900c7ea21189704d5db64e7346aee7af |
|
05-Sep-2013 |
Kenny Root <kroot@google.com> |
Add argument to binder call to check key types Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. Bug: 10600582 Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/keystore.cpp
|
17208e0de5a42722901d803118745cca25fd10c1 |
|
04-Sep-2013 |
Kenny Root <kroot@google.com> |
Provide fallback for keymaster implementations Some implementations won't support ECDSA or DSA, so provide a fallback for them by using the softkeymaster implementation. This will allow us to universally support ECDSA and DSA on all platforms regardless of HAL version. Bug: 10600582 Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
/system/security/keystore/keystore.cpp
|
96427baf0094d50047049d329b0779c3c910402c |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types (cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d) Bug: 10600582 Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/keystore.cpp
|
6071179a371fcd4c238375068ffd7d3cedea615d |
|
16-Aug-2013 |
Kenny Root <kroot@google.com> |
Add support for DSA and ECDSA key types Change-Id: Ibee8d172eeb36f1a2e2ce62f275aea55ada5bcbf
/system/security/keystore/keystore.cpp
|
a77e809ecff5190790906fb7a3c527259c735071 |
|
14-Jun-2013 |
Douglas Leung <douglas@mips.com> |
Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips. Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029 Signed-off-by: Douglas Leung <douglas@mips.com>
/system/security/keystore/keystore.cpp
|
60898896c3f3b2245d10076cac64346c956dbaa5 |
|
17-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix import as other UIDs The targetUid was not being used as the user to store the key as, so it was ending up under the calling UID. This change matches the code for insert and generate now. (cherry picked from commit 360f51f7af191316cd739f229db1c5f7233be063) Bug: 8634328 Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
/system/security/keystore/keystore.cpp
|
f9119d6414f43ef669d64e9e53feb043eda49cf3 |
|
03-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add flag for blobs to be unencrypted In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs starts to make less sense since the thing it's encrypting is usually a token and not any raw key material. (cherry picked from commit 0c540aad5915e6aa34345049be96f28b64d0e84c) Bug: 8122243 Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
/system/security/keystore/keystore.cpp
|
5f53124250025d3113c9c598a2f101330144b10c |
|
12-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix bug in clear_uid (cherry picked from commit aae26fc0e58c99ac8e0df69b913523e81fa15d66) Bug: 8566369 Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
/system/security/keystore/keystore.cpp
|
655b958eb2180c7c06889f83f606d23421bf038c |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: Add multi-user support Split the directories out per-user. Each Android user ID gets its own directory and master key. This gives each user its own locked/unlocked state. Add migration code that converts existing keystores to this scheme. This even migrates keys that used the non-public API, but only for the primary user. The secondary users may have a different lock screen pattern that would no longer work to unlock the master key. Bug: 7249554 Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
/system/security/keystore/keystore.cpp
|
483407eaca108d3717bb49770915d6d95d5d0e0c |
|
05-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix inverted hardware keystore check Check should be that the 'is_software' flag is off. Change-Id: Ic03ef957f6aa62b959b24fe8e4ff202f431aab89
/system/security/keystore/keystore.cpp
|
ff620c25d1af495c74cdeb4e5a652adf6858cf88 |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
Fix CL split and build Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
/system/security/keystore/keystore.cpp
|
cfeae072c96d84f286ddbf0aff8055c12c7c4f15 |
|
04-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: fix upgrades During an upgrade, a blob would be written out to disk. Whenever a blob is written to disk, it is encrypted in-place. After upgrade, keystore would attempt to use the blob, but get garbage instead of what it expected since it was encrypted. This moves the work of writing up a level so it can then re-read the blob after upgrade. Bug: 7249554 Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
/system/security/keystore/keystore.cpp
|
a9bb549868035e05450a9b918f8d7de9deca5343 |
|
02-Apr-2013 |
Kenny Root <kroot@google.com> |
keystore: command to clear all keys for UID Add ability for system UID to clear all entries for a different UID. Bug: 3020069 Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
/system/security/keystore/keystore.cpp
|
8ddf35a6e1fd80a7d0685041d2bfc77078277c9d |
|
29-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add API to query storage type Add an API to query the HAL to see what kind of storage it reports the device is. Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca
/system/security/keystore/keystore.cpp
|
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf |
|
21-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: change migrate to duplicate After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model. Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/keystore.cpp
|
0225407783ee339164a0cd8ca5ef04c99d27c59a |
|
20-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: add "migrate" command To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration. Bug: 8122243 Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/keystore.cpp
|
494689083467ec372a58f094f041c8f102f39393 |
|
19-Mar-2013 |
Kenny Root <kroot@google.com> |
keystore: allow system UID to WiFi or VPN Previously we redirected all calls from the wifi or vpn UIDs to the system UID's namespace. This switches the paradigm to allow system to write into wifi and vpn UID keystore spaces instead. Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
/system/security/keystore/keystore.cpp
|
9d45d1caba5135e6b8bd6d05d449e8dcf52b6802 |
|
14-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: Check for unlock, not for specific state Most callers only care if the keystore is unlocked for use and not whether it's in a specific state. Change this now so we can change the states later. Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
/system/security/keystore/keystore.cpp
|
b88c3eb96625513df4cc998d739d17266ebaf89f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: add UID to certain APIs This will allow explicit indication of which UID to put things under for trusted UIDs (e.g., system UID) in a future change instead of putting things only in the calling UID. Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/keystore.cpp
|
d38a0b07a3104fcb1e747a0fa06641dee8fc058f |
|
13-Feb-2013 |
Kenny Root <kroot@google.com> |
keystore: rename uid to callingUid Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
/system/security/keystore/keystore.cpp
|
70c9889c5ca912e7c492580e1999f18ab65b267b |
|
07-Feb-2013 |
Kenny Root <kroot@google.com> |
Remove Value and ValueString classes This was left-over from previous changes and nothing really used it any more. Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26
/system/security/keystore/keystore.cpp
|
36a9e231e03734cd2143383d26388455c1764e17 |
|
04-Feb-2013 |
Kenny Root <kroot@google.com> |
Fix mtime via Binder Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f
/system/security/keystore/keystore.cpp
|
5281edbc9445065479e92a6c86da462f3943c2ca |
|
22-Nov-2012 |
Kenny Root <kroot@google.com> |
Actually terminate on EOF Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4
/system/security/keystore/keystore.cpp
|
150ca934edb745de3666a6492b039900df228ff0 |
|
14-Nov-2012 |
Kenny Root <kroot@google.com> |
EINTR handling and debugging for error cases Some interruptible syscalls were not wrapped with TEMP_FAILURE_RETRY while others were. Add them where necessary. Additionally, some error cases were not logging any messages so things would mysteriously fail if there was an underlying filesystem problem. Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
/system/security/keystore/keystore.cpp
|
07438c8d7256d3788dac323b4d0055f201e0bec9 |
|
02-Nov-2012 |
Kenny Root <kroot@google.com> |
Switch keystore to binder Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/keystore.cpp
|
c3cb851b5028011d7bdd0afbfbd7d9d62c2d8997 |
|
14-Sep-2012 |
Pavel Chupin <pavel.v.chupin@intel.com> |
Add casts to avoid build warnings with gcc-4.7 Example: keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]' from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}' Change-Id: I8cd239880821724050d1716b78851807e0246ef2 Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
/system/security/keystore/keystore.cpp
|
344e0bc23ca46b9acec97ac8bcd87949bde0ccab |
|
15-Aug-2012 |
Kenny Root <kroot@google.com> |
Add getmtime command for keys This allows you to check when a key was last modified. Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d
/system/security/keystore/keystore.cpp
|
9a53d3eaf42104ddf02feeccec3cf7f5c1a34bae |
|
14-Aug-2012 |
Kenny Root <kroot@google.com> |
keymaster HAL users don't need delete_keypair The keymaster HAL implementations don't need the delete_keypair method, but keystore currently throws an error when it's not implemented. This causes problems with at least the OpenSSL software implementation. Bug: 6985351 Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8
/system/security/keystore/keystore.cpp
|
a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1 |
|
17-Jul-2012 |
Brian Carlstrom <bdc@google.com> |
Handle keynames with special characters such as - and . Bug: http://code.google.com/p/android/issues/detail?id=34577 Bug: 6837950 (cherry-picked from 0114bd9f9bbc2458ca77bf3508e7c15992a432b1) Change-Id: I0c265fe73c1b2c430ffd196a21691264f8f3b555
/system/security/keystore/keystore.cpp
|
e95ce35d10d6e0a7315a57f30d9c88d89880a4e1 |
|
07-Apr-2012 |
Amith Yamasani <yamasani@google.com> |
Allow calls from secondary user Settings app. This is so that Face Unlock can be a valid option for a lockscreen. Otherwise get a PERMISSION_DENIED when uid = 101000. Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e
/system/security/keystore/keystore.cpp
|
da1ed9ab99c00698af64ec655ff668efffe2960d |
|
10-Apr-2012 |
Kenny Root <kroot@google.com> |
Turn on extra compiler checks Turn on the compiler flags -Wall -Wextra -Werror to make sure no compiler warnings are added to the project. Eliminate all unused arguments. Remove unused variables in code. Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c
/system/security/keystore/keystore.cpp
|
822c3a99d930e9299e2fad2fb3e0ff91b119b95a |
|
24-Mar-2012 |
Kenny Root <kroot@google.com> |
Add support for upgrading key types Old key types were not distinguished by the keystore itself. This change takes some of the reserved fields in the old format and changes it to a version number and key type. Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996
/system/security/keystore/keystore.cpp
|
298e7b1b0f9116e2054d594d7538379d86585035 |
|
26-Mar-2012 |
Kenny Root <kroot@google.com> |
Add keymaster delete_all call on reset To allow efficient deletion by hardware keymaster modules, add a direct delete_all call when keystore is reset. This will also probably fix problems where the hardware keymaster gets more keys than keystore knows about and fills up its storage. Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
/system/security/keystore/keystore.cpp
|
70e3a86abd2c412d602a018967c01c177eb6cf4e |
|
16-Feb-2012 |
Kenny Root <kroot@google.com> |
Add keymaster to keystore with soft implementation Add hardware crypto capabilities to keystore. This allows hardware escrow of private key material. There is also an OpenSSL engine that connects to keystore to allow use of the keystore keys from native code built into the platform. This includes a software implementation of keymaster using OpenSSL as the backend. This is just as insecure as the previous solution, but it's needed so devices without hardware support can continue to operate in the new scheme without a lot of compatibility code. Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f
/system/security/keystore/keystore.cpp
|
5187818895c4c5f650a611c40531b1dff7764c18 |
|
13-Mar-2012 |
Kenny Root <kroot@google.com> |
keystore_client shared library Add a libkeystore_client.so library for clients to use. Add const-correctness to the keystore.cpp classes. Increase maximum arguments for future work. Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2
/system/security/keystore/keystore.cpp
|
a91203b08350b2fc7efda5b1eab39e7541476b3a |
|
16-Feb-2012 |
Kenny Root <kroot@google.com> |
Move keystore from frameworks/base Move keystore from frameworks/base at commit 57ff581bd9b16a192a567f84d0e0a5c82d866343 Change-Id: I1e62488d63810f14e40ffb3d192925ff4eeb8906
/system/security/keystore/keystore.cpp
|