drgreen/android_frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
198,860 Commits 1 Branch 0 Tags
Commit Graph

381 Commits

Author SHA1 Message Date
Alex Klyubin
ad9ba10ecd No runtime exceptions during normal use of AndroidKeyStore crypto. 
This changes the implementation of AndroidKeyStore-backed Cipher and
Mac to avoid throwing runtime exceptions during normal use. Runtime
exceptions will now be thrown only due to truly exceptional and
unrecoverable errors (e.g., keystore unreachable, or crypto primitive
not initialized).

This also changes the implementation of Cipher to cache any errors
encountered in Cipher.update until Cipher.doFinal which then throws
them as checked exceptions.

Bug: 20525947
Change-Id: I3c4ad57fe70abfbb817a79402f722a0208660727
 2015-04-24 10:54:45 -07:00
Alex Klyubin
6c4a842129 Reset AndroidKeyStore Mac and Cipher state when init fails. 
For consistency, this also switches AndroidKeyStore's Mac init/reset
implementation to the same approach as used in Cipher.

Bug: 18088752
Change-Id: Id34caf7cfe04f2058e22d8632890f762927bb31c
 2015-04-24 10:49:11 -07:00
Adam Langley
6bf52c4271 frameworks/base: switch to using NativeConstants. 
NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.

Bug: 20521989

Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
 2015-04-24 10:00:45 -07:00
Alex Klyubin
ed6b2eb9f4 Merge "Set Secure User ID from app level." 2015-04-16 22:44:23 +00:00
Alex Klyubin
ed7a218592 Unhide KeyStoreKeyProperties.Origin.UNKNOWN. 
Bug: 18088752
Change-Id: Idaed45d7e84f5f3eb4f623552b60206c504e967a
 2015-04-16 15:26:50 -07:00
Alex Klyubin
10a9f1786b Set Secure User ID from app level. 
When AndroidKeyStore keys require used authentication, they need to be
bound to a Keymaster's Secure User ID. This ID will be set by keystore
soon. Until then, set it from the framework level (i.e., from apps
which use AndroidKeyStore).

NOTE: Accessing gatekeeper to obtain the Secure User ID will be
blocked by SELinux policy. To test this code, disable SELinux
enforcing mode.

Bug: 18088752
Change-Id: I7a3315eb52f0fc978d14d5d0e9613f2f36c6c01e
 2015-04-16 15:18:13 -07:00
Alex Klyubin
aa0d7f60b6 am b1aa7d0b: am 51884f0e: am 499126c4: Merge "Add Keymaster KM_ORIGIN_UNKNOWN constant." 
* commit 'b1aa7d0bc821614d943075c0d786cc3f5eeb8c73':
  Add Keymaster KM_ORIGIN_UNKNOWN constant.
 2015-04-16 20:31:46 +00:00
Alex Klyubin
499126c433 Merge "Add Keymaster KM_ORIGIN_UNKNOWN constant." 2015-04-16 19:50:12 +00:00
Alex Klyubin
3abd2b757a am 22b5d9b9: am 28a9089f: am 216d18b9: Merge "Remove IV auto-generation workaround." 
* commit '22b5d9b969176a196b0b29ce9441ac3d1d35d208':
  Remove IV auto-generation workaround.
 2015-04-16 17:20:23 +00:00
Alex Klyubin
a0d2dddc55 Remove IV auto-generation workaround. 
This workaround prevents use of keys with randomized encryption
(IND-CPA). Since randomized encryption is on by default, it's better
to keep it working and break non-randomized encryption (until
Keymaster is fixed).

Bug: 18088752
Change-Id: I4b11ce72cff705be41d3e66f28b507d6ddc1da79
 2015-04-15 17:20:23 -07:00
Shawn Willden
250dd26291 am 763100e6: am 1cb119d3: am 71ba4e46: Merge "Unbreak obtaining symmetric keys from AndroidKeyStore." 
* commit '763100e6442494a85cfcb7949c8021836071b1f6':
  Unbreak obtaining symmetric keys from AndroidKeyStore.
 2015-04-15 18:21:41 +00:00
Alex Klyubin
5eacd777fe Unbreak obtaining symmetric keys from AndroidKeyStore. 
This tracks 59f977c6988e21b3b8aa6c83428bd6ee1a98816d due to which
AndroidKeyStore is unable to provide symmetric keys because it
assumes that the digest field is not repeating.

Bug: 18088752
Change-Id: Ie8ed01449280b7c759e81aeaf2066953b0abaf2a
 2015-04-14 19:02:46 -07:00
Alex Klyubin
338e74648d resolved conflicts for merge of 1d5a2592 to master 
Change-Id: Ia1ea7c9c8c23eeffcd596b96506e961989ccb7a6
 2015-04-14 14:23:07 -07:00
Alex Klyubin
8e5fbc70e1 am fa2bd4fe: am 888f5cb7: am ecfda064: Merge "Make specifying self-signed cert parameters optional." 
* commit 'fa2bd4fe5c10b8132a155f0f8d0207435ca2c8dc':
  Make specifying self-signed cert parameters optional.
 2015-04-14 20:43:54 +00:00
Alex Klyubin
d693690aee Merge "No need to specify EC curve name in EcIesParameterSpec." 2015-04-14 20:22:52 +00:00
Alex Klyubin
67d21aef98 Make specifying self-signed cert parameters optional. 
This removes the need to specify the three parameters of the
self-signed certificate (serial number, subject, validity range) when
generating key pairs in AndroidKeyStore. This is achieved by
providing sensible defaults for these parameters:
* serial number: 1
* subject: CN=fake
* validity range: Jan 1 1970 to Jan 1 2048.

Bug: 18088752
Change-Id: I5df918b1ef8b26ed3ddd43828c4c78c9fa58cd43
 2015-04-14 12:56:17 -07:00
Alex Klyubin
45d27836bd Add Keymaster KM_ORIGIN_UNKNOWN constant. 
This tracks d359b044830b292f492f8a8df5471f869e358399 from
hardware/libhardware.

Bug: 18088752
Change-Id: I9a7bd8bdee51c18ae0427eff4efe036213d2b175
 2015-04-14 10:52:34 -07:00
Alex Klyubin
9b3e005a4e Unhide the new AndroidKeyStore API. 
Bug: 18088752
Change-Id: I93f87cbb1cd04a4a2e34f3d544d678c92cf052ee
 2015-04-13 11:34:04 -07:00
Alex Klyubin
fbf1472d61 resolved conflicts for merge of a978a3d6 to master 
Change-Id: Ifd7ca9e1dfa0d50a87f2bafef377fcaeb5d9f6d5
 2015-04-13 10:54:53 -07:00
Alex Klyubin
33454dd569 No need to specify EC curve name in EcIesParameterSpec. 
EC curve parameters will be obtained from the provided EC key.

Bug: 18088752
Change-Id: Ic99353a6566c8d4ce2b6b73d0309edaa40f84fa6
 2015-04-13 10:20:24 -07:00
Alex Klyubin
d1af38a478 Merge "Use JCA names for block modes, paddings, and digests." 2015-04-13 17:01:30 +00:00
Alex Klyubin
5927c9f1b1 Use JCA names for block modes, paddings, and digests. 
This replaces int-based enums from KeyStoreKeyConstraints with
String values commonly used in JCA API.

As part of under the hood refactoring:
* KeyStoreKeyCharacteristics and KeyStoreKeyConstraints have been
  merged into KeyStoreKeyProperties.
* KeymasterUtils methods operating on KeymasterArguments and
  KeymasterCharacteristics have been moved to their respective
  classes.

Bug: 18088752
Change-Id: I9c8b984cb3c28184adb617e34d87f2837bd1d3a1
 2015-04-13 09:59:04 -07:00
Alex Klyubin
0e67d0a1b0 am 651dbfde: am ad48c4c9: am c1c6528d: Merge "Add EcIesParameterSpec to enable ECIES crypto." 
* commit '651dbfde73171ad6451dc8f9288fa4df50f99e4c':
  Add EcIesParameterSpec to enable ECIES crypto.
 2015-04-11 02:56:44 +00:00
Alex Klyubin
c1c6528d2b Merge "Add EcIesParameterSpec to enable ECIES crypto." 2015-04-11 02:17:01 +00:00
Chad Brubaker
03c13e430d am 93976df8: am 3a9779b6: am 386c4e9e: Merge "Fix testSaw_ungrantedUid_Bluetooth" 
* commit '93976df800641c9d56b73af6cb4bab9cc9a5f59e':
  Fix testSaw_ungrantedUid_Bluetooth
 2015-04-10 22:26:25 +00:00
Alex Klyubin
0ee9376ef4 Add EcIesParameterSpec to enable ECIES crypto. 
Bug: 18088752
Change-Id: I597b019106c500188e0fbbc9608722668c08b421
 2015-04-10 14:57:28 -07:00
Chad Brubaker
386c4e9ea9 Merge "Fix testSaw_ungrantedUid_Bluetooth" 2015-04-10 21:42:23 +00:00
Chad Brubaker
6a5af8cf14 Fix testSaw_ungrantedUid_Bluetooth 
Keystore.saw returns [] on no result, not null, so the test was
incorrectly failing.

Change-Id: I22dcf85c5d6c5c0368848bc784c3215c092d9ea8
 2015-04-10 14:15:17 -07:00
Alex Klyubin
75f6f31db4 am d31d4771: am c5f9683c: am a270264c: Merge "Track more changes to keymaster_defs.h" 
* commit 'd31d4771d90277eb246814b6a6f981e0842eb614':
  Track more changes to keymaster_defs.h
 2015-04-10 18:29:53 +00:00
Alex Klyubin
55f7c2770f Track more changes to keymaster_defs.h 
KeyStoreTest needed to be adjusted because OCB is no longer supported.

Bug: 18088752
Change-Id: I7594daaa5e97423d34726b07cc79e3ee28418d95
 2015-04-10 08:58:38 -07:00
Alex Klyubin
8d33804b01 am 037dfb94: am 5f8c17b9: am ba2836e6: Merge "Track recent keymaster_defs.h changes." 
* commit '037dfb9423a0988398b67520546dae5673aa54bb':
  Track recent keymaster_defs.h changes.
 2015-04-10 04:34:13 +00:00
Alex Klyubin
2c5eaa0157 am 04a99c7b: am 82cba6aa: am c6eb6288: Merge "Split key origin into TEE/not and generated/imported." 
* commit '04a99c7b4435598e4f9d53fadbe5faca4ad7ebdc':
  Split key origin into TEE/not and generated/imported.
 2015-04-10 04:33:48 +00:00
Alex Klyubin
862e6c7814 Track recent keymaster_defs.h changes. 
Bug: 18088752
Change-Id: If47bb7cc7a385941db9f12d478676594e9bc9d86
 2015-04-09 16:58:58 -07:00
Alex Klyubin
b503c52f07 Split key origin into TEE/not and generated/imported. 
This is to match the upcoming changes in Keymaster HAL API.

Bug: 18088752
Change-Id: I602d56d1c29a839583be1d9efa681a6fab6642db
 2015-04-09 15:50:17 -07:00
Alex Klyubin
43de2a9b52 am 4acc3392: am 8676a88e: am 97d2d7c4: Merge "Fix minor issues in new Javadocs of AndroidKeyStore." 
* commit '4acc3392c35e5ad98c8e7b650b1368a2956746b7':
  Fix minor issues in new Javadocs of AndroidKeyStore.
 2015-04-09 22:21:41 +00:00
Alex Klyubin
7882a7fcd4 Fix minor issues in new Javadocs of AndroidKeyStore. 
Bug: 18088752
Change-Id: Ie84cc6066c82f2659da17a1eb158c2e3acf5094d
 2015-04-09 14:33:11 -07:00
Alex Klyubin
981913babf am 098833c5: am ec01623b: am aeae0f38: Merge "Add asymmetric crypto constants for AndroidKeyStore API." 
* commit '098833c59d8b3984e3983169b460198c2d5e2670':
  Add asymmetric crypto constants for AndroidKeyStore API.
 2015-04-09 20:34:56 +00:00
Alex Klyubin
27077471a3 am c6112eb7: am 21c4e465: am 8c58ba87: Merge "Add missing mapping between JCA and keystore HMAC names." 
* commit 'c6112eb7057f91df1f885da37564f89a423f64e4':
  Add missing mapping between JCA and keystore HMAC names.
 2015-04-09 20:34:46 +00:00
Alex Klyubin
aeae0f384f Merge "Add asymmetric crypto constants for AndroidKeyStore API." 2015-04-09 20:02:39 +00:00
Alex Klyubin
8c58ba87bb Merge "Add missing mapping between JCA and keystore HMAC names." 2015-04-09 19:57:13 +00:00
Alex Klyubin
ccfea5024b Add asymmetric crypto constants for AndroidKeyStore API. 
Bug: 18088752
Change-Id: Iee72a4c230f3a2cd30d9eb4d29c4301f3e113f31
 2015-04-09 11:38:44 -07:00
Alex Klyubin
52f57de9f6 am bbf3cc57: am fd168151: am e26347bb: Merge "Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired." 
* commit 'bbf3cc5797293dc915d7ecfe41e85bbe5682548d':
  Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired.
 2015-04-09 17:31:16 +00:00
Alex Klyubin
5324702a02 Add missing mapping between JCA and keystore HMAC names. 
This is a follow-up to 70376a77280551791dae62586a6bb0c77ed9429a where
I forgot to update this mapping.

Bug: 18088752
Change-Id: I322a9abd642ddee3bd2b4f49379b121012e32836
 2015-04-09 10:10:34 -07:00
Alex Klyubin
b30cc6c3e8 resolved conflicts for merge of b9a9d46c to master 
Change-Id: Ibec45f0f8f9618dd7bd1b34561dccbdd9599cdeb
 2015-04-09 09:54:05 -07:00
Alex Klyubin
223977b914 Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired. 
This wasn't meant to be public API yet.

Bug: 18088752
Change-Id: I40e57fd9121348086ae88ad9fa54f930547b77ba
 2015-04-09 09:50:34 -07:00
Alex Klyubin
a482b0469c Merge "Require IND-CPA by default for new AndroidKeyStore keys." 2015-04-09 16:12:09 +00:00
Alex Klyubin
ada3e01313 am 2d81cb68: am 2cb1e1dc: am 1da3d7fc: Merge "Add more digests to AndroidKeyStore API." 
* commit '2d81cb6824e186a6c76d0466e2d58eaa34312673':
  Add more digests to AndroidKeyStore API.
 2015-04-09 01:16:38 +00:00
Alex Klyubin
f853f64998 Require IND-CPA by default for new AndroidKeyStore keys. 
Bug: 18088752
Change-Id: I01e44b7155df4326b5c9d83dda57f889c1f23ec7
 2015-04-08 16:28:27 -07:00
Alex Klyubin
0e496527fe am da66cab3: am f1a1160c: am c0d6b7cb: Merge "Fix typo" 
* commit 'da66cab36e8085a1457565be69b55b38dfee186e':
  Fix typo
 2015-04-08 22:12:55 +00:00
Alex Klyubin
7513d53cae am 9be1016b: am c48e8cf0: am edd0e6c0: Merge "Refuse to reuse IV in encryption mode in AndroidKeyStore." 
* commit '9be1016b44c229468bd9a215fdbbfb95a8acf2ad':
  Refuse to reuse IV in encryption mode in AndroidKeyStore.
 2015-04-08 22:12:47 +00:00