summaryrefslogtreecommitdiff
path: root/keystore/java/android/security/KeyStoreParameter.java
AgeCommit message (Collapse)Author
2020-10-27Keystore SPI: Deprecate encryption flag.Janis Danisevskis
The encryption-required flag is only available in already deprecated API KeyPairGeneratorSpec and KeyStoreParameter will be ignored from Android S. Keys are and have been encrypted by default for a long time and if additional binding to the LSKF is desired it can be requested by KeyGenParameterSpec.Builder#setUserAuthenticationRequired(boolean). Test: None Change-Id: I5bd4acb4bba276decd1930ae2e96a55f95627e10
2015-05-26Remove KeyStoreParameter.getContext().Alex Klyubin
This method isn't there in the released API and we don't need it in the new API. Bug: 18088752 Change-Id: Iccd80715bec782ac3a12bea169df4d37264f66f9
2015-05-13New AndroidKeyStore API in android.security.keystore.Alex Klyubin
This CL addresses the comments from API Council about Android KeyStore KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter: 1. These abstractions should not take or hold references to Context. 2. The Builders of these abstractions should take all mandatory parameters in their constructors rather than expose them as setters -- only optional paratemers should be exposed via setters. These comments cannot be addressed without deprecation in the already launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of deprecating just the getContext methods and Builder constructors, this CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and KeyStoreParameter as a whole and exposing all of the AndroidKeyStore API in the new package android.security.keystore. This enables this CL to correct all of the accrued design issues with KeyPairGeneratorSpec (e.g., naming of certificate-related methods) and KeyStoreParameter. This also makes the transition to API Level M more clear for existing users of the AndroidKeyStore API. These users will only have to deal with the new always-mandatory parameters (e.g., purposes) and sometimes-mandatory (e.g., digests, block modes, paddings) if they switch to the new API. Prior to this CL they would've had to deal with this if they invoked any of the new methods of KeyPairGeneratorSpec or KeyStoreParameter introduced in API Level M. This CL rips out all the new API introduced into KeyPairGeneratorSpec and KeyStoreParameter classes for Android M, thus reverting these classes to the API launched in L MR1. This is because the new API is now in android.security.keystore.KeyGenParameterSpec and KeyProtection respectively. Bug: 21039983 Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
2015-05-12Flatten KeyStoreKeyProperties constants.Alex Klyubin
This moves constants/flags declared in inner classes of KeyStoreKeyProperties into KeyStoreKeyProperties, as requested by API Council. Bug: 21039983 Change-Id: I84a3c983e13644a027bed9f605ab8044220a352c
2015-05-11Link to magic constants used by AndroidKeyStore API.Alex Klyubin
This updates the Javadocs of AndroidKeyStore methods which take constants defined in KeyStoreKeyProperties to contain a link to the corresponding set of constants and an example of a couple of accepted constants, to make it easier to understand and find out what constants to use. Bug: 18088752 Change-Id: I338134ef136db62a7caca782cb59dbebdc996670
2015-05-11Add NonNull and Nullable annotations to AndroidKeyStore API.Alex Klyubin
This is to enable Android Lint and Android Studio to flag nullness issues at compile time. Bug: 18088752 Change-Id: I21033b8fcdd989d08c89b50685e47fbb9c74acbf
2015-05-08Document when encrypted AndroidKeyStore keys are wiped.Alex Klyubin
This also drops the boolean parameter from KeyGeneratorSpec.Builder.setEncryptionRequired to match the already launched KeyPairGeneratorSpec.Builder.setEncryptionRequired. Bug: 18088752 Change-Id: I91a3e8c77958971b1bda8329319f1a0d8043b669
2015-05-08More Javadocs for AndroidKeyStore public classes.Alex Klyubin
This adds more detailed class-level Javadocs (incl. examples) for the following public API of Android KeyStore facility: * KeyPairGeneratorSpec, * KeyGeneratorSpec, * KeyStoreParameter, * KeyStoreKeySpec. This also clarifies what encryption at rest means. Bug: 18088752 Change-Id: I9951a528c34dea322534763b596902a2b6ac64f9
2015-05-07Document that new APIs for asymmetric crypto have no effect.Alex Klyubin
Bug: 18088752 Change-Id: Idfcf57251e76185425b9271d6a2001c5556f9f59
2015-05-07Merge "Adjust the Javadoc for user authentication timeout." into mnc-devAlex Klyubin
2015-05-07Adjust the Javadoc for user authentication timeout.Alex Klyubin
The Javadoc incorrectly stated that: * 0 means authentication required for every use. * -1 means that timeout is not specified and the key can be any time. Bug: 18088752 Change-Id: Ie5f37e74dc207f23443527ac1725ae8a37213d75
2015-05-06Define String constants for AndroidKeyStore crypto.Alex Klyubin
This defines the String enum values based on JCA standard names for key algorithm, block mode, padding schemes, and digests. This should make it safer to interact with AndroidKeyStore code that uses JCA strings. This was requested by API Council. Bug: 18088752 Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
2015-04-28Align AndroidKeyStore API with user auth API.Alex Klyubin
This simplifies the AndroidKeyStore API around user authentication: no more explicit control over which user authenticators are bound to which keys. User-authenticated keys with timeout are unlocked by whatever unlocks the secure lock screen (currently, password/PIN/pattern or fingerprint). User-authenticated keys that need authentication for every use are unlocked by fingerprint only. Bug: 20526234 Bug: 20642549 Change-Id: I1e5e6c988f32657d820797ad5696797477a9ebe9
2015-04-13Unhide the new AndroidKeyStore API.Alex Klyubin
Bug: 18088752 Change-Id: I93f87cbb1cd04a4a2e34f3d544d678c92cf052ee
2015-04-13resolved conflicts for merge of a978a3d6 to masterAlex Klyubin
Change-Id: Ifd7ca9e1dfa0d50a87f2bafef377fcaeb5d9f6d5
2015-04-13Use JCA names for block modes, paddings, and digests.Alex Klyubin
This replaces int-based enums from KeyStoreKeyConstraints with String values commonly used in JCA API. As part of under the hood refactoring: * KeyStoreKeyCharacteristics and KeyStoreKeyConstraints have been merged into KeyStoreKeyProperties. * KeymasterUtils methods operating on KeymasterArguments and KeymasterCharacteristics have been moved to their respective classes. Bug: 18088752 Change-Id: I9c8b984cb3c28184adb617e34d87f2837bd1d3a1
2015-04-09am 4acc3392: am 8676a88e: am 97d2d7c4: Merge "Fix minor issues in new ↵Alex Klyubin
Javadocs of AndroidKeyStore." * commit '4acc3392c35e5ad98c8e7b650b1368a2956746b7': Fix minor issues in new Javadocs of AndroidKeyStore.
2015-04-09Fix minor issues in new Javadocs of AndroidKeyStore.Alex Klyubin
Bug: 18088752 Change-Id: Ie84cc6066c82f2659da17a1eb158c2e3acf5094d
2015-04-09am bbf3cc57: am fd168151: am e26347bb: Merge "Hide ↵Alex Klyubin
KeyStoreParameter.Builder.setRandomizedEncryptionRequired." * commit 'bbf3cc5797293dc915d7ecfe41e85bbe5682548d': Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired.
2015-04-09resolved conflicts for merge of b9a9d46c to masterAlex Klyubin
Change-Id: Ibec45f0f8f9618dd7bd1b34561dccbdd9599cdeb
2015-04-09Hide KeyStoreParameter.Builder.setRandomizedEncryptionRequired.Alex Klyubin
This wasn't meant to be public API yet. Bug: 18088752 Change-Id: I40e57fd9121348086ae88ad9fa54f930547b77ba
2015-04-08Require IND-CPA by default for new AndroidKeyStore keys.Alex Klyubin
Bug: 18088752 Change-Id: I01e44b7155df4326b5c9d83dda57f889c1f23ec7
2015-04-07resolved conflicts for merge of 06adabdb to masterAlex Klyubin
Change-Id: Ifb09e2e6242f79cabe76e95eacc982f6cc7e1a6c
2015-04-07Make the new AndroidKeyStore API conformant.Alex Klyubin
This makes the new AndroidKeyStore API conform with the latest Keymaster API changes as well as the latest Android framework API design guidelines. Keymaster changes: * Multiple paddings, block modes, and digests can be set on a key. * "max uses per boot" and "min seconds between use" restrictions will not be exposed in the framework API. * Padding scheme ZERO will not be exposed. Changes due to Android framework design guidelines: * Sets of enum values have been replaced with bitsets represented as ints. * Integer has been replaced with int, with null being represented with a special value (e.g., -1 or 0) where possible. Bug: 18088752 Change-Id: Ib21739aa9b42d48895cb7a681e836a5c6d972ac6
2015-04-02resolved conflicts for merge of e7e705d4 to masterAlex Klyubin
Change-Id: If3e8c985f4f122f9fb36aab206787aac1407a74e
2015-04-02Expose new key use constraints in KeyPairGeneratorSpec.Alex Klyubin
The constraints are currently ignored. Bug: 18088752 Change-Id: Iabd2018200afb2bf8ac1748d1def47af74bfb9d3
2015-04-01Add fingerprint-specific AndroidKeyStore API.Alex Klyubin
Bug: 18088752 Change-Id: I333d3ffc820d28ae678e28dafc2e8a24cb7eb073
2015-03-26Symmetric key import for AndroidKeyStore.Alex Klyubin
AES and HmacSHA256 symmetric keys can now be imported into AndroidKeyStore. These keys cannot yet be used. Bug: 18088752 Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c
2014-06-11am b1cb5aab: am 748856f2: am a7ddd029: am 80e84e2d: am f3cecfa2: am ↵Robert Ly
55d525b2: am 716cc7dc: Add documentation for AndroidKeyStore * commit 'b1cb5aabeb68815715eed423f1f9a7edb9a3e938': Add documentation for AndroidKeyStore
2014-05-07Add documentation for AndroidKeyStoreRobert Ly
Add exposition about the use cases for AndroidKeyStore and links to the API sample application for different use cases. Bug: 8608817 Change-Id: Ic4ce9405781c92f12687895b28c671661ea5524f
2013-11-20Remove unused imports from frameworks/base.John Spurlock
Change-Id: Ia1f99bd2c1105b0b0f70aa614f1f4a67b2840906
2013-04-18Rename API AndroidKey* -> Key*Kenny Root
Bug: 8657552 Change-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 06:31:53 +0000