This also adds the MAC length constraint on imported HMAC keys. HMAC
doesn't work without this constraint at the moment.
Bug: 18088752
Change-Id: I8613f58f5d2a84df00bcf6179d13e30619440330
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
AES and HmacSHA256 symmetric keys can now be imported into
AndroidKeyStore. These keys cannot yet be used.
Bug: 18088752
Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c
Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
Add methods for sending an auth token to keystore and to query the
authorization state of a given operation.
Change-Id: I223df5c56ae2a251ef31cfe60f06c046c12a5cd8
Support for certificate chooser (keychain) to first query a profile
owner (if one exists) for a silent credentials grant which will be
passed back to the caller as an alias.
Bug: 15065444
Change-Id: I0729b435c218b7991e6cb5faedefb7900577afcc
The Android KeyStore backed KeyPairGenerator can generate EC key
pairs, but it cannot be instantiated via the standard JCA approach of
KeyPairGenerator.getInstance("EC", "AndroidKeyStore"). Instead, the
user must invoke KeyPairGenerator.getInstance("RSA",
"AndroidKeyStore") and then tell it to generate an EC key pair.
This CL fixes this weirdness.
The fix requires the introduction of late resolution of key algorithm
and default key size. Prior to this CL, these parameters were resolved
prior to KeyPairGenerator initialization, inside KeyPairGeneratorSpec.
In this CL, these parameters are resolved during KeyPairGenerator
initialization. This is fine because KeyPairGeneratorSpec should be as
dumb as possible and all the logic should reside in KeyPairGenerator
and lower layers.
Bug: 19018089
Change-Id: I114502356e6c9691518cf05b6d9eb0920b4fe0b2
This replaces IKeystoreService.java with IKeystoreService.aidl and
changes the methods that passed down a byte[][] to instead pass down a
KeystoreArguments which is currently a thin parcelable wrapper around a byte[][].
Change-Id: I6367bcf57562f41a27aab14f1903b74995cb65c2
The test is sending too much data to be signed, which should actually
fail, and does on Volantis. Apparently the other keymaster implementors
do something to pass it, because shamu and hammerhead pass, but the test
is wrong.
Change-Id: Ic616a551567d64f5d87d9607ceb08afa7be74f9d
Fixes setting a keyguard password for keystore in a multi-user setup
while we're at it.
Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
This reverts commit 87efe74e092236c372d3b6909009641123aa416a.
This should be fine now with all the dependency CLs +2-ed
Change-Id: I96ad14ad5ff81e6b5391035cb6c5a62339c6cc40
Trusted credentials for both the primary user and its managed profiles are shown
on the Trusted Credentials fragment. All functionalities (e.g. disabling/enabling
of certificates) remain available.
Bug: 16029580
Change-Id: Ia92ae02d8c572bf4a3be172f6c255726cefc0fa1
Exposes these methods:
- hasCaCertInstalled
- hasAnyCaCertsInstalled
- installCaCert
- uninstallCaCert
Allows device and profile owners to perform some certificate management
including querying for and enabling/disabling specific CA certificates.
Change-Id: I4aa8a1a8601b234e30acde99dfa382e04cb62495
Add exposition about the use cases for AndroidKeyStore and links to the
API sample application for different use cases.
Bug: 8608817
Change-Id: Ic4ce9405781c92f12687895b28c671661ea5524f
