path: root/keystore
Age | Commit message | Author
2021-02-04 | Keystore 2.0 SPI: Add NAMESPACE_WIFI. | Janis Danisevskis
Test: N/A Bug: 171305388 Change-Id: I9003bb2754c2a09cdac77d86786d2e7d3dc05651
2021-02-03 | Merge "Add DPM.hasKeyPair()" | Rubin Xu
2021-02-03 | Merge "Keystore 2.0: isKeystore2Enabled returned wrong value." | Treehugger Robot
2021-02-03 | Keystore 2.0: isKeystore2Enabled returned wrong value. | Janis Danisevskis
Test: Keystore 2.0 is used by certain system apps (Settings, Keychain) when enabled. Change-Id: Idc3f27577df684561d403047a1e611bdc1350409
2021-02-03 | Merge changes from topic "limited_use_keys" | Treehugger Robot
* changes: Add limited use keys related API into Keystore 2.0 SPI. Limited use key: feature flags.
2021-02-03 | Add limited use keys related API into Keystore 2.0 SPI. | Qi Wu
Bug: b/174140443 Test: atest CtsKeystoreTestCases The new CTS tests for this feature are introduced in aosp/1556464 Change-Id: I9620c4a3e5d2c10ed8a50d494e63eb2fb19dabef Merged-In: I9620c4a3e5d2c10ed8a50d494e63eb2fb19dabef
2021-02-02 | Add DPM.hasKeyPair() | Rubin Xu
(trimmed down to only contain IKeyChainService.aidl change) The method returns true if a private key and a user certificate are present in KeyChain under this alias. Bug: 179180345 Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testKeyManagement Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDirectly Test: atest android.admin.cts.DevicePolicyManagerTest Change-Id: I15ca6190db1ef4dbf0caabe9d46008d92f758df5 Merged-In: I15ca6190db1ef4dbf0caabe9d46008d92f758df5
2021-02-02 | Merge "Update frameworks to use unbundled version of BouncyCastle." | Treehugger Robot
2021-01-31 | Keystore 2.0 SPI: Small fix to appease CTS test. | Janis Danisevskis
* The Keystore SPI needs to return null if getKeyEntry is called on a pure certificate entry. * Also checked the wrong purpose. Test: Keystore CTS tests. Change-Id: Ib668447a9ff56fc4cea550f547c6cbfea3590cb3
2021-01-31 | Keystore 2.0 SPI: Add CERTIFICATE_* tags. | Janis Danisevskis
Certificate subject, serial, not before and not after information is now passed to keystore/keymint for certificate generation. Also makeDate accepts negative time values for dates predating Jan 1970 because the CTS tests like to generate historic certificates. Test: Keystore CTS tests. Change-Id: I7ce664b010222298bda8049aad48f7db155a836d
2021-01-28 | Merge "Keystore 2.0 SPI: Add back-off hint to BackendBusyException." | Treehugger Robot
2021-01-28 | Merge "Keystore 2.0: Add human readable strings to Keystore exceptions." | Treehugger Robot
2021-01-28 | Keystore 2.0 SPI: Add back-off hint to BackendBusyException. | Janis Danisevskis
BackendBusyException now returns a back-off hint that API users can use to implement their retry loop. Bug: 174761871 Test: N/A Change-Id: I95662a5a5432965de365017eae43c502eb5bfc06
2021-01-28 | Update frameworks to use unbundled version of BouncyCastle. | Daulet Zhanguzin
Previously BouncyCastle methods were exposed as libcore APIs (@CorePlatformApi), which is no longer possible when ART is an updatable module (and can't guarantee BouncyCastle API stability) Bug: 154796679 Test: Treehugger Change-Id: I908681841a6766de88761767c77c4e2d4b5f56d5
2021-01-27 | ECDH SPI interface | Bram Bonné
Test: atest KeyAgreementTest Bug: 171847641 Change-Id: I7cb0c713e3797bb738a6134c690824e762346d4f
2021-01-26 | Keystore 2.0 SPI Small doc comment fixup. | Janis Danisevskis
Test: N/A Change-Id: Ia54b912092431569cac64e228b902abd6383f728
2021-01-26 | Keystore 2 SPI: Fix KeyStorePublicKey getEncoded(). | Janis Danisevskis
AndroidKeyStorePublicKey now returns the encoded key instead of the encoded certificate. Test: Keystore CTS tests. Bug: 178456047 Change-Id: I2c9b44bd13c702545b33ed0fb4c7e802c13851f6
2021-01-19 | Keystore 2.0: Add human readable strings to Keystore exceptions. | Janis Danisevskis
Test: N/A Change-Id: Ic07ca2329c6ebf3dacddf687cc85935e2bfa0cdd
2021-01-19 | Keystore 2.0: Integrate onLockScreenEvent. | Hasini Gunasinghe
This patch updates LockSettingService and TrustManagerService to use the new Keystore 2.0 authorization api. Bug: 166672367 Test: VTS test Change-Id: I5494d7b923d33d447488a0c67ada43d1f9593861
2021-01-19 | Keystore 2.0 SPI: Use Timestamp from secure clock service | Janis Danisevskis
Test: N/A Change-Id: I20e925e2827a6485b187d20b737456e8a5d4c437
2021-01-19 | Integrate IKeystoreAuthorization aidl's addAuthToken with Keystore SPI. | Hasini Gunasinghe
This CL introduces the Keystore SPI class for IKeystoreAuthorization aidl interface and implements the calling code for addAuthToken method. Bug: 166672367 Bug: 177830239 Bug: 177791435 Bug: 177787061 Bug: 177787180 Test: VTS test Change-Id: I9f0adc97efadd0fa1a1f16dd5ec811f4151a2b03
2021-01-18 | Merge "Revert "Integrate IKeystoreAuthorization aidl's addAuthToken wit..."" | Louis Chang
2021-01-18 | Revert "Integrate IKeystoreAuthorization aidl's addAuthToken wit..." | Louis Chang
Revert submission 1519257-rename_auth_service Reason for revert: breaking WM presubmit, b/177787180 Reverted Changes: Ib847b68d4:Integrate IKeystoreAuthorization aidl's addAuthTok... I7893ab452:Integrate IKeystoreAuthorization aidl's addAuthTok... I4a092119c:Implement addAuthToken method of IKeystoreAuthoriz... Change-Id: Iea9bf7e7b3d1e968bbbe39f4ec08dcc3577cee07
2021-01-16 | Merge "Integrate IKeystoreAuthorization aidl's addAuthToken with Keystore SPI." | Treehugger Robot
2021-01-15 | Keystore 2.0 SPI: Fix bug in chunked streamer. | Janis Danisevskis
The chunked streamer sent the chunk buffer prematurely leading to oversized and garbage data sent to keystore. Test: atest android.keystore.cts.SignatureTest#testSmallMsgKat Change-Id: I84e40766b735f05b3fb7e0e692d26a25a0496649
2021-01-14 | Integrate IKeystoreAuthorization aidl's addAuthToken with Keystore SPI. | Hasini Gunasinghe
This CL introduces the Keystore SPI class for IKeystoreAuthorization aidl interface and implements the calling code for addAuthToken method. Bug: 166672367 Test: VTS test Change-Id: I7893ab4520b16533b9fddc9909297856e0b523ae
2021-01-06 | Keystore 2.0: Fix wrong exception returned on not authenticated. | Janis Danisevskis
Test: CtsVerifier fingerprint bound key test. Change-Id: I0aa897455b88d7a709e4de6b515eef43bc15d053
2021-01-05 | Merge "Keystore 2.0: Android Protected Confirmation" | Treehugger Robot
2020-12-21 | Merge "Keystore 2.0 SPI: Switch to aidl union KeyParameters" | Treehugger Robot
2020-12-18 | Keystore 2.0 SPI: Public key operation workaround. | Janis Danisevskis
Test: Keystore cts tests. Change-Id: I316fdb8beae018ac91c172dede735e6b0759368a
2020-12-18 | Keystore 2.0 SPI: Bug fixes | Janis Danisevskis
* Correctly recover public key from certificate. * KeyStore2ParameterUtils: iterate through set flags instead of unset flags. * Return private key on Keystore.getKey() instead of public key. Test: Keystore CTS tests Change-Id: I99c1bd49ff5cf7a2d89b54559504e67b3def0cd3
2020-12-17 | Keystore 2.0 SPI: Switch to aidl union KeyParameters | Janis Danisevskis
Test: Compiles Change-Id: I54b0d7a97954eb45283cf48bf2372db5e7ffa61a
2020-12-16 | Merge "Make AndroidKeyStoreLoadStoreParameter public" | Tianjie Xu
2020-12-16 | Keystore 2.0: Android Protected Confirmation | Janis Danisevskis
Bug: 160930927 Test: CtsVerifier Change-Id: I9cc325eafbee2aa4257a3ccbe525091a1cae806d
2020-12-15 | Make AndroidKeyStoreLoadStoreParameter public | Tianjie
So other packages can load the keystore with namespace. Test: build Change-Id: I7de3e51df438b794adb3793a189396999bdd1b88
2020-12-15 | Keystore 2.0 SPI: Implement modification time. | Janis Danisevskis
Test: Keystore CTS test. Change-Id: I097b58fa6c403ff426d99ed484ed324e1419b4e3
2020-12-11 | Revert "Revert "Keystore 2.0 SPI: Move keymint spec to security ..." | Shawn Willden
Revert "Revert "Keystore 2.0: Move keymint spec to security name..." Revert "Revert "Keystore 2.0: Move keymint spec to security name..." Revert^2 "Remove references to keymint1" 34536a352803a08776cc4f373d93a94e1fcbf98e Bug: 175345910 Bug: 171429297 Change-Id: I694e677e4e20419440f12cb7981f0c0c4ca29e08
2020-12-11 | Revert "Keystore 2.0 SPI: Move keymint spec to security namespace." | Orion Hodson
Revert "Keystore 2.0: Move keymint spec to security namespace." Revert "Keystore 2.0: Move keymint spec to security namespace." Revert "Move keymint to android.hardware.security." Revert "Configure CF to start KeyMint service by default." Revert "Move keymint to android.hardware.security." Revert "Move keymint to android.hardware.security." Revert submission 1522123-move_keymint Reason for revert: Build breakage Bug: 175345910 Bug: 171429297 Reverted Changes: Ief0e9884a:Keystore 2.0: Move keymint spec to security namesp... Idb54e8846:Keystore 2.0: Move keymint spec to security namesp... I9f70db0e4:Remove references to keymint1 I2b4ce3349:Keystore 2.0 SPI: Move keymint spec to security na... I2498073aa:Move keymint to android.hardware.security. I098711e7d:Move keymint to android.hardware.security. I3ec8d70fe:Configure CF to start KeyMint service by default. Icbb373c50:Move keymint to android.hardware.security. I86bccf40e:Move keymint to android.hardware.security. Change-Id: Icd279f358db2387bf2bf232b0548762fab51e67d
2020-12-09 | Keystore 2.0 SPI: Move keymint spec to security namespace. | Janis Danisevskis
Test: N/A Change-Id: I2b4ce3349baf29eb67a31f0c436b964d69d70b02
2020-11-23 | Keystore 2.0 SPI: Fix installation of legacy Keystore provider | Janis Danisevskis
Previously we installed the legacy keystore SPI by the name KeyStore.AndroidKeyStore and set an alias to KeyStore.AndroidKeyStoreLegacy. This conflicted with the Keystore provider which also registers as KeyStore.AndroidKeyStore. This patch registers the old provider only by the name KeyStore.AndroidKeyStore. Test: CtsLibcoreTestCases:libcore.java.security.ProviderTest#test_Provider_Properties Also, the device boots. Change-Id: I38a248a996839f397bdcae30fd1b03a883209df2
2020-11-18 | Merge "Fix Broken test: libcore.java.security.ProviderTest#test_Provider_Properties" | Treehugger Robot
2020-11-18 | Fix Broken test: libcore.java.security.ProviderTest#test_Provider_Properties | Janis Danisevskis
Test: CtsLibcoreTestCases:libcore.java.security.ProviderTest#test_Provider_Properties Bug: 173480441 Change-Id: I188cd778a25d221991280eb461a7ec052503790c
2020-11-17 | Keystore 2.0 SPI: Use KeyMint AIDL types. | Janis Danisevskis
We are now using KeyMint types for KeyParameter and SecurityLevel. Test: None Change-Id: I3db72c17a9cb999a0248df4c37588dfc2ad84f74
2020-11-13 | Keystore 2.0 SPI: Install legacy Keystore provider as AndroidKeyStoreLegacy | Janis Danisevskis
With this patch we install the old Keystore provider as AndroidKeyStoreLegacy when the Keystore 2.0 provider is installed as AndroidKeyStore. This allows system components to keep using the old keystore while we can run CTS tests against the new provider. The tests are still mostly failing at this point. Installing the new SPI can be enabled by setting the property ro.android.security.keystore2.enable=true Bug: 159476414 Test: This enables running CTS tests against Keystore 2.0. Change-Id: I9731d9783ccf8f2705a5ca7335e00c8f4c8debba
2020-11-13 | Keystore 2.0 SPI: Evolve the generator SPI. | Janis Danisevskis
We delegate the generation of self signed certificates to the KeyMint backend. Also we use the KeyParameter AIDL type instead of KeymasterArguments to construct parameter lists. Bug: 159476414 Test: None Change-Id: I441a4d4df4ef04e3da8aeaff3274c609d549c979
2020-11-13 | Keystore 2.0 SPI: Evolve Factory SPI | Janis Danisevskis
We no longer need to get the key characteristics from the Keystore daemon to construct the KeyInfo for a key. Also we have to extract the key info from the KeyParameter AIDL type rather than from the hand written KeymasterArguments. This patch also exposes the correct security level for a key through KeyInfo. Bug: 159476414 Test: None Change-Id: I86a85e481e19fdadfed38a42aeac4ffe5f8b83fa
2020-11-13 | Keystore 2.0 SPI: AndroidKeyStoreProvider loads keys from Keystore 2.0 | Janis Danisevskis
This patch adjusts the AndroidKeyStoreProvider to register all services with the correct package names. And the utility functions load keys using the correct Keystore 2.0 methods. Bug: 159476414 Test: None Change-Id: I9268fd66d28e89e188e85991bcf90c7f19809232
2020-11-13 | Keystore 2.0 SPI: Evolve the Crypto SPI. | Janis Danisevskis
This patch evolves the Crypto SPI to use the new Keystore 2.0 shim. The main changes are: * The SPI uses the AIDL defined KeyParameter instead of KeymasterArguments. * Operations are created directly from the KeystoreSecurityLevel that is part of the AndroidKeyStoreKey object. Also this patch deletes the DelegatingX509Certificate class. This is no longer needed, because public key operations are no longer performed by Keystore 2.0. We can delegate public certificate operations simply by wrapping such certificates into public keys that are understood by other providers, such as BouncyCastle. Bug: 159476414 Test: None Change-Id: Ice874a8121d80bf788da059b4e8420c7dd799d81
2020-11-13 | Keystore 2.0 SPI: KeyParameter utilities. | Janis Danisevskis
The wire type for key parameters is now generated from AIDL rather than the hand written parcelable KeymasterArguments. So we need some of the utilities for creating key parameters that the latter provided. We also nicked some utility functions from KeymasterUtils. Bug: 159476414 Test: None Change-Id: I12c674b6a00dd3abbed4972d80ceb766a73881e8
2020-11-13 | Keystore 2.0 SPI: Update the chunked streamer. | Janis Danisevskis
This patch makes the chunked streamer observe the simplified Keystore 2.0 operation interface. Keystore is now required to consume all supplied data or reject data outright if too much (more than 32KiB) is supplied in a single transaction. This allows for a simplified streamer logic and a simplified interface. We also no longer send entropy to Keystore. This will be handled by the Keystore 2.0 daemon. Test: None Bug: 159476414 Change-Id: Ie75d10fd5d5ac0da60e23e35467d0a7873230dea