drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
234,081 Commits 1 Branch 0 Tags
Commit Graph

450 Commits

Author SHA1 Message Date
Alex Klyubin
2c5eaa0157 am 04a99c7b: am 82cba6aa: am c6eb6288: Merge "Split key origin into TEE/not and generated/imported." 
* commit '04a99c7b4435598e4f9d53fadbe5faca4ad7ebdc':
  Split key origin into TEE/not and generated/imported.
 2015-04-10 04:33:48 +00:00
Alex Klyubin
862e6c7814 Track recent keymaster_defs.h changes. 
Bug: 18088752
Change-Id: If47bb7cc7a385941db9f12d478676594e9bc9d86
 2015-04-09 16:58:58 -07:00
Alex Klyubin
b503c52f07 Split key origin into TEE/not and generated/imported. 
This is to match the upcoming changes in Keymaster HAL API.

Bug: 18088752
Change-Id: I602d56d1c29a839583be1d9efa681a6fab6642db
 2015-04-09 15:50:17 -07:00
Alex Klyubin
43de2a9b52 am 4acc3392: am 8676a88e: am 97d2d7c4: Merge "Fix minor issues in new Javadocs of AndroidKeyStore." 
* commit '4acc3392c35e5ad98c8e7b650b1368a2956746b7':
  Fix minor issues in new Javadocs of AndroidKeyStore.
 2015-04-09 22:21:41 +00:00
Alex Klyubin
7882a7fcd4 Fix minor issues in new Javadocs of AndroidKeyStore. 
Bug: 18088752
Change-Id: Ie84cc6066c82f2659da17a1eb158c2e3acf5094d
 2015-04-09 14:33:11 -07:00
Alex Klyubin
981913babf am 098833c5: am ec01623b: am aeae0f38: Merge "Add asymmetric crypto constants for AndroidKeyStore API." 
* commit '098833c59d8b3984e3983169b460198c2d5e2670':
  Add asymmetric crypto constants for AndroidKeyStore API.
 2015-04-09 20:34:56 +00:00
Alex Klyubin
27077471a3 am c6112eb7: am 21c4e465: am 8c58ba87: Merge "Add missing mapping between JCA and keystore HMAC names." 
* commit 'c6112eb7057f91df1f885da37564f89a423f64e4':
  Add missing mapping between JCA and keystore HMAC names.
 2015-04-09 20:34:46 +00:00
Alex Klyubin
aeae0f384f Merge "Add asymmetric crypto constants for AndroidKeyStore API." 2015-04-09 20:02:39 +00:00
Alex Klyubin
8c58ba87bb Merge "Add missing mapping between JCA and keystore HMAC names." 2015-04-09 19:57:13 +00:00
Alex Klyubin
ccfea5024b Add asymmetric crypto constants for AndroidKeyStore API. 
Bug: 18088752
Change-Id: Iee72a4c230f3a2cd30d9eb4d29c4301f3e113f31
 2015-04-09 11:38:44 -07:00
Alex Klyubin
52f57de9f6 am bbf3cc57: am fd168151: am e26347bb: Merge "Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired." 
* commit 'bbf3cc5797293dc915d7ecfe41e85bbe5682548d':
  Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired.
 2015-04-09 17:31:16 +00:00
Alex Klyubin
5324702a02 Add missing mapping between JCA and keystore HMAC names. 
This is a follow-up to 70376a77280551791dae62586a6bb0c77ed9429a where
I forgot to update this mapping.

Bug: 18088752
Change-Id: I322a9abd642ddee3bd2b4f49379b121012e32836
 2015-04-09 10:10:34 -07:00
Alex Klyubin
b30cc6c3e8 resolved conflicts for merge of b9a9d46c to master 
Change-Id: Ibec45f0f8f9618dd7bd1b34561dccbdd9599cdeb
 2015-04-09 09:54:05 -07:00
Alex Klyubin
223977b914 Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired. 
This wasn't meant to be public API yet.

Bug: 18088752
Change-Id: I40e57fd9121348086ae88ad9fa54f930547b77ba
 2015-04-09 09:50:34 -07:00
Alex Klyubin
a482b0469c Merge "Require IND-CPA by default for new AndroidKeyStore keys." 2015-04-09 16:12:09 +00:00
Alex Klyubin
ada3e01313 am 2d81cb68: am 2cb1e1dc: am 1da3d7fc: Merge "Add more digests to AndroidKeyStore API." 
* commit '2d81cb6824e186a6c76d0466e2d58eaa34312673':
  Add more digests to AndroidKeyStore API.
 2015-04-09 01:16:38 +00:00
Alex Klyubin
f853f64998 Require IND-CPA by default for new AndroidKeyStore keys. 
Bug: 18088752
Change-Id: I01e44b7155df4326b5c9d83dda57f889c1f23ec7
 2015-04-08 16:28:27 -07:00
Alex Klyubin
0e496527fe am da66cab3: am f1a1160c: am c0d6b7cb: Merge "Fix typo" 
* commit 'da66cab36e8085a1457565be69b55b38dfee186e':
  Fix typo
 2015-04-08 22:12:55 +00:00
Alex Klyubin
7513d53cae am 9be1016b: am c48e8cf0: am edd0e6c0: Merge "Refuse to reuse IV in encryption mode in AndroidKeyStore." 
* commit '9be1016b44c229468bd9a215fdbbfb95a8acf2ad':
  Refuse to reuse IV in encryption mode in AndroidKeyStore.
 2015-04-08 22:12:47 +00:00
Alex Klyubin
bd877f261b am 8ad875f5: am 0649c832: am 3283d2d2: Merge "Add BlockMode.GCM constant to AndroidKeyStore API." 
* commit '8ad875f52de3ffa99fea22177e26a7f22c3735b1':
  Add BlockMode.GCM constant to AndroidKeyStore API.
 2015-04-08 22:12:38 +00:00
Alex Klyubin
70376a7728 Add more digests to AndroidKeyStore API. 
This adds MD5, SHA-1, SHA-224, SHA-384, and SHA-512. SHA-256 was
already there.

MD5 is not exposed for HMAC on purpose, because MD5 has been
deprecated for years.

Bug: 18088752
Change-Id: I4df3d3f6cf10805c7910a1bdb577a91c85055945
 2015-04-08 14:17:21 -07:00
Alex Klyubin
6895a549ec Fix typo 
Change-Id: I1c47ade98ad3ae41dc55e7bcafcad6901b559c89
 2015-04-08 11:08:37 -07:00
Alex Klyubin
edd0e6c098 Merge "Refuse to reuse IV in encryption mode in AndroidKeyStore." 2015-04-08 18:04:39 +00:00
Alex Klyubin
d1ccb45945 Refuse to reuse IV in encryption mode in AndroidKeyStore. 
This makes IV-using Cipher implementations backed by AndroidKeyStore
refuse to be reused. After Cipher.doFinal completes, invoking update
or doFinal will raise an exception. This is to make it harder to
violate the security best practice of not reusing IV in encryption
mode.

Bug: 18088752
Change-Id: I5102f9e8b2ff428254294703e48948ea8576603d
 2015-04-08 09:46:16 -07:00
Alex Klyubin
38bb642bbb Add BlockMode.GCM constant to AndroidKeyStore API. 
GCM mode is not yet implemented. This is just adding a constant to
KeyStoreKeyConstraints.BlockMode.

Bug: 18088752
Change-Id: Ibba5b393f56ab9f6bb96d994f110687ab8d65ff3
 2015-04-07 15:09:12 -07:00
Alex Klyubin
1620a65d32 resolved conflicts for merge of 06adabdb to master 
Change-Id: Ifb09e2e6242f79cabe76e95eacc982f6cc7e1a6c
 2015-04-07 11:39:51 -07:00
Alex Klyubin
c46e9e7da4 Make the new AndroidKeyStore API conformant. 
This makes the new AndroidKeyStore API conform with the latest
Keymaster API changes as well as the latest Android framework API
design guidelines.

Keymaster changes:
* Multiple paddings, block modes, and digests can be set on a key.
* "max uses per boot" and "min seconds between use" restrictions will
  not be exposed in the framework API.
* Padding scheme ZERO will not be exposed.

Changes due to Android framework design guidelines:
* Sets of enum values have been replaced with bitsets represented as
  ints.
* Integer has been replaced with int, with null being represented
  with a special value (e.g., -1 or 0) where possible.

Bug: 18088752
Change-Id: Ib21739aa9b42d48895cb7a681e836a5c6d972ac6
 2015-04-07 09:18:00 -07:00
Alex Klyubin
b7f9aca713 am ba88b692: am e2e5b88e: am 64b0062a: Merge "Load fewer classes when AndroidKeyStore provider is installed." 
* commit 'ba88b692f1a489de308dcf5b5420a23166a94487':
  Load fewer classes when AndroidKeyStore provider is installed.
 2015-04-03 20:33:29 +00:00
Alex Klyubin
dbcec13d64 resolved conflicts for merge of b068f162 to master 
Change-Id: I5bc234e1da047880d3437a861ff93474a9797e18
 2015-04-03 13:01:09 -07:00
Chad Brubaker
ecf2b4f550 am 54d583c1: am e797eb2e: am 377885e1: Merge "Mark all test keys as no auth required" 
* commit '54d583c148fd14034afc751ad70ab772de55eb92':
  Mark all test keys as no auth required
 2015-04-03 19:55:38 +00:00
Alex Klyubin
7c9e4be67a am c869ac1b: am ec029e55: am b292e49b: Merge "Obtain SPI without using Reflection." 
* commit 'c869ac1b7d163282ffdebf4ce9b32c479766f52d':
  Obtain SPI without using Reflection.
 2015-04-03 19:55:22 +00:00
Alex Klyubin
6def5afcbc Load fewer classes when AndroidKeyStore provider is installed. 
This avoids loading all AndroidKeyStore crypto SPI classes when the
AndroidKeyStore provider is instantiated and installed. This provider
is installed early on during the initialization of each app. Most apps
don't need these classes loaded.

Bug: 18088752
Change-Id: Ib43c9dd6a7d434b128916e0f9c8652ba61df0d47
 2015-04-03 12:45:16 -07:00
Alex Klyubin
08963653fc Merge "Rename KeymasterException to KeyStoreException." 2015-04-03 19:13:49 +00:00
Chad Brubaker
377885e1e6 Merge "Mark all test keys as no auth required" 2015-04-03 19:13:37 +00:00
Alex Klyubin
a0f656f9bd Obtain SPI without using Reflection. 
Bug: 18088752
Change-Id: I76d42e17f5f28af6fd9a96ee812d286f6c6a085b
 2015-04-03 12:09:56 -07:00
Alex Klyubin
b4834ae3fa Rename KeymasterException to KeyStoreException. 
The code in question talks to KeyStore which returns error codes
which are a mix of keystore and keymaster error codes. To better
match the layering of KeyStore on top of keystore and keymaster,
this CL renames KeymasterException into KeyStoreException. It also
adds human-readable error messages to exceptions raised by keystore
rather than keymaster (e.g., key not found).

Bug: 18088752
Change-Id: I4cd1235e16518c9f2e8c5557a457774c6e687b88
 2015-04-02 15:57:27 -07:00
Alex Klyubin
36662ba6ae Add fingerprint-specific API to KeyPairGeneratorSpec. 
This is identical to the existing API in KeyStoreParameter and
KeyGeneratorSpec.

Bug: 18088752
Change-Id: I8aad4fdeb858cc9586f46d5a81561505914ac334
 2015-04-02 15:15:27 -07:00
Alex Klyubin
f4c301bdf5 am 58031d5e: am 378df98e: am 3cc9e5d6: Merge "Improve the AndroidKeyStore-backed HMAC state machine." 
* commit '58031d5eb5531f8bc45ac1789ea1cc9134591358':
  Improve the AndroidKeyStore-backed HMAC state machine.
 2015-04-02 22:02:45 +00:00
Alex Klyubin
7f5b87692b resolved conflicts for merge of e7e705d4 to master 
Change-Id: If3e8c985f4f122f9fb36aab206787aac1407a74e
 2015-04-02 14:58:27 -07:00
Chad Brubaker
ce7ad24b63 Mark all test keys as no auth required 
Now that auth token checks are in keystore keys without any auth tags
are invalid.

Also adds a test to check that a key with auth required fails when none
is present.

Change-Id: I0d5d44d70a849978e9b2e809675b8343c6650ff2
 2015-04-02 14:41:37 -07:00
Alex Klyubin
3cc9e5d68d Merge "Improve the AndroidKeyStore-backed HMAC state machine." 2015-04-02 21:06:28 +00:00
Alex Klyubin
f4f0671618 am a44e7fd6: am 957e982c: am d2eec1a7: Merge "Add exception types for AndroidKeyStore key validity issues." 
* commit 'a44e7fd6228638f25472e331241a5d1f5cfaacbf':
  Add exception types for AndroidKeyStore key validity issues.
 2015-04-02 21:04:08 +00:00
Alex Klyubin
9635a56acf Merge "Expose new key use constraints in KeyPairGeneratorSpec." 2015-04-02 21:03:11 +00:00
Alex Klyubin
855fa31eb5 Expose new key use constraints in KeyPairGeneratorSpec. 
The constraints are currently ignored.

Bug: 18088752
Change-Id: Iabd2018200afb2bf8ac1748d1def47af74bfb9d3
 2015-04-02 10:04:33 -07:00
Alex Klyubin
2ea13d4268 Add fingerprint-specific AndroidKeyStore API. 
Bug: 18088752
Change-Id: I333d3ffc820d28ae678e28dafc2e8a24cb7eb073
 2015-04-01 18:35:36 -07:00
Alex Klyubin
56a33230b7 am 66b96b59: am 78014a78: am 04047af6: Merge "Use Keymaster-friendly validity dates." 
* commit '66b96b59774838998b1e67f83f3d67be5cc3a3e2':
  Use Keymaster-friendly validity dates.
 2015-04-02 01:10:02 +00:00
Alex Klyubin
0b188927f4 Add exception types for AndroidKeyStore key validity issues. 
Bug: 18088752
Change-Id: I7494cb6a793e2b57bb849a4253bba2803778c161
 2015-04-01 16:22:00 -07:00
Alex Klyubin
a80eee052d Improve the AndroidKeyStore-backed HMAC state machine. 
This defers the start of a new KeyStore operation after Mac.doFinal
until the next Mac.update or .doFinal. Previously, the a new KeyStore
operation was started immediately, at the end of doFinal.

Bug: 18088752
Change-Id: I2d594067ef261f519631d09f7a6087b715801656
 2015-04-01 16:03:03 -07:00
Alex Klyubin
3984bbc025 am 838f054f: am a4ea4726: am c461452e: Merge "Hook in user authenticators and their exceptions." 
* commit '838f054f88447d575afff105810800d95dd3eb13':
  Hook in user authenticators and their exceptions.
 2015-04-01 18:57:38 +00:00
Alex Klyubin
ef17b73c6a am 93e029e0: am f00cdf68: am c6cc9d82: Merge "A way to obtain KeyStore operation handle from crypto primitives." 
* commit '93e029e0066737f9f09f6dfef95dc664dc236b15':
  A way to obtain KeyStore operation handle from crypto primitives.
 2015-04-01 18:57:31 +00:00