| Age | Commit message (Collapse) | Author |
|---|
|
This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.
Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
|
|
This propagates the concept that 0 is an invalid crypto operation
handle to the outside of AndroidKeyStore abstraction.
Bug: 20864436
Change-Id: I1e5abb66c5d41d8fc32aac44372495a708c2b6e2
|
|
Bouncy Castle JCA provider incorrectly declares that its Cipher, Mac,
Signature, and KeyAgreement implementations accept arbitrary keys (
including AndroidKeyStore keys). As a result, when a Cipher, Mac,
Signature, or KeyAgreement instance is requested from JCA without
explicitly specifying the provider (which follows best practices)
and then initialied with an AndroidKeyStore key, JCA chooses the
BouncyCastle's implementation, which in turn blows up because it
can't handle such keys.
The workaround is to install Cipher, Mac, Signature, and
KeyAgreement implementations backed by AndroidKeyStore as a
higher-priority JCA provider than the Bouncy Castle one. This is
achieved by splitting out the above implementations from
AndroidKeyStoreProvider into AndroidKeyStoreBCWorkaroundProvider
and installing the AndroidKeyStoreProvider at the usual priority
(below Bouncy Castle) and the AndroidKeyStoreBCWorkaroundProvider
at above Bouncy Castle priority.
Bug: 20691708
Change-Id: I336464f4a49bc30c6845ddc4e84b07f4105424dd
|
|
This is a follow-up to 70376a77280551791dae62586a6bb0c77ed9429a where
I forgot to update this mapping.
Bug: 18088752
Change-Id: I322a9abd642ddee3bd2b4f49379b121012e32836
|
|
This adds MD5, SHA-1, SHA-224, SHA-384, and SHA-512. SHA-256 was
already there.
MD5 is not exposed for HMAC on purpose, because MD5 has been
deprecated for years.
Bug: 18088752
Change-Id: I4df3d3f6cf10805c7910a1bdb577a91c85055945
|
|
This avoids loading all AndroidKeyStore crypto SPI classes when the
AndroidKeyStore provider is instantiated and installed. This provider
is installed early on during the initialization of each app. Most apps
don't need these classes loaded.
Bug: 18088752
Change-Id: Ib43c9dd6a7d434b128916e0f9c8652ba61df0d47
|
|
Bug: 18088752
Change-Id: I76d42e17f5f28af6fd9a96ee812d286f6c6a085b
|
|
This adds AndroidKeyStore.getKeyStoreOperationHandle method which can
be used to obtain the KeyStore operation handle corresponding to the
provided JCA cryto primitive (provided it's backed by
AndroidKeyStore).
Bug: 18088752
Change-Id: Iaa3b6f9b2281b2ec2de8fd5946d353dc7fdb3d2d
|
|
This factory provides a way to obtain information about a SecretKey
backed by AndroidKeyStore. The information is provided in a form of an
instance of KeyStoreKeySpec class.
EXAMPLE
SecretKeyFactory factory = SecretKeyFactory.getInstance(
key.getAlgorithm(), "AndroidKeyStore");
KeyStoreKeySpec keySpec =
factory.getKeySpec(key, KeyStoreKeySpec.class);
Bug: 18088752
Change-Id: I26c9dd544f80230fe7039501eeb471eaf875452b
|
|
This adds the following AES transformations:
* AES/ECB/NoPadding
* AES/ECB/PKCS7Padding
* AES/CBC/NoPadding
* AES/CBC/PKCS7Padding
* AES/CTR/NoPadding
Bug: 18088752
Change-Id: I3e4702e59868f8f2225c31b1c159d20008b9999d
|
|
This also adds the MAC length constraint on imported HMAC keys. HMAC
doesn't work without this constraint at the moment.
Bug: 18088752
Change-Id: I8613f58f5d2a84df00bcf6179d13e30619440330
|
|
This currently supports AES and HMAC with SHA-256.
Bug: 18088752
Change-Id: Ife55438cf4129b895295681bb35091cd37eb73fb
|
|
The Android KeyStore backed KeyPairGenerator can generate EC key
pairs, but it cannot be instantiated via the standard JCA approach of
KeyPairGenerator.getInstance("EC", "AndroidKeyStore"). Instead, the
user must invoke KeyPairGenerator.getInstance("RSA",
"AndroidKeyStore") and then tell it to generate an EC key pair.
This CL fixes this weirdness.
The fix requires the introduction of late resolution of key algorithm
and default key size. Prior to this CL, these parameters were resolved
prior to KeyPairGenerator initialization, inside KeyPairGeneratorSpec.
In this CL, these parameters are resolved during KeyPairGenerator
initialization. This is fine because KeyPairGeneratorSpec should be as
dumb as possible and all the logic should reside in KeyPairGenerator
and lower layers.
Bug: 19018089
Change-Id: I114502356e6c9691518cf05b6d9eb0920b4fe0b2
|
|
Bug: 8657552
Change-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510
|
|
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
|
|
This allows end-users to generate keys in the keystore without the
private part of the key ever needing to leave the device. The generation
process also generates a self-signed certificate.
Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
|
|
This introduces a public API for the Android keystore that is accessible
via java.security.KeyStore API. This allows programs to store
PrivateKeyEntry and TrustedCertificateEntry items visible only to
themselves.
Future work should include:
* Implement KeyStore.CallbackHandlerProtection parameter to allow the
caller to request that the keystore daemon unlock itself via the
system password input dialog.
* Implement SecretKeyEntry once that support is in keystore daemon
Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a
|
