- 12 Aug, 2015 1 commit
-
-
Chad Brubaker authored
sizeof(mBlob.value) is incorrect because writeBlob pads up to the next AES_BLOCK_SIZE Bug:22802399 Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
-
- 29 Jul, 2015 1 commit
-
-
Chad Brubaker authored
Applications can specify arbitrary blobs using insert(), check their length to prevent overflow issues. Bug:22802399 Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
-
- 07 Oct, 2013 1 commit
-
-
Kenny Root authored
"generate" and "put" were not setting the encrypted flag in the blob written to disk. Add setting the flag whenever appropriate for these functions. Additinally, the master key should always be encrypted. Bug: 11113056 Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
-
- 09 Sep, 2013 2 commits
-
-
Kenny Root authored
(cherry picked from commit 86b16e8c) Bug: 10676015 Change-Id: Ic27ed4cce700e1c9f3fca4d72eaa2d20df564446
-
Kenny Root authored
Bug: 10676015 Change-Id: I781e142217959a8a068844b9cb041282b8ae2a74
-
- 05 Sep, 2013 2 commits
-
-
Kenny Root authored
Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument. Bug: 10600582 Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
-
Kenny Root authored
Some implementations won't support ECDSA or DSA, so provide a fallback for them by using the softkeymaster implementation. This will allow us to universally support ECDSA and DSA on all platforms regardless of HAL version. Bug: 10600582 Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
-
- 03 Sep, 2013 1 commit
-
-
Kenny Root authored
(cherry picked from commit 6071179a) Bug: 10600582 Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
-
- 14 Jun, 2013 1 commit
-
-
Douglas Leung authored
Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029 Signed-off-by:
Douglas Leung <douglas@mips.com>
-
- 18 Apr, 2013 1 commit
-
-
Kenny Root authored
The targetUid was not being used as the user to store the key as, so it was ending up under the calling UID. This change matches the code for insert and generate now. (cherry picked from commit 360f51f7) Bug: 8634328 Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
-
- 17 Apr, 2013 1 commit
-
-
Kenny Root authored
The targetUid was not being used as the user to store the key as, so it was ending up under the calling UID. This change matches the code for insert and generate now. Bug: 8634328 Change-Id: Iedbbdaa0ac77f3aedb32a719458b5b503a66efd5
-
- 15 Apr, 2013 2 commits
-
-
Kenny Root authored
In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs start to make less sense since the thing it's encrypting is usually a token and not any raw key material. (cherry picked from commit 0c540aad) Bug: 8122243 Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
-
Kenny Root authored
(cherry picked from commit aae26fc0) Bug: 8566369 Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
-
- 12 Apr, 2013 1 commit
-
-
Kenny Root authored
Bug: 8566369 Change-Id: I92a37bb709bc491a305cf5b6a5e68b6ac1a8aa24
-
- 11 Apr, 2013 1 commit
-
-
Kenny Root authored
In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs start to make less sense since the thing it's encrypting is usually a token and not any raw key material. Bug: 8122243 Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
-
- 06 Apr, 2013 2 commits
-
-
Kenny Root authored
Split the directories out per-user. Each Android user ID gets its own directory and master key. This gives each user its own locked/unlocked state. Add migration code that converts existing keystores to this scheme. This even migrates keys that used the non-public API, but only for the primary user. The secondary users may have a different lock screen pattern that would no longer work to unlock the master key. (cherry picked from commit 655b958e) Bug: 7249554 Change-Id: Icfc117d9bc68bd88997ab03673fb77b581acf3f7
-
Kenny Root authored
Split the directories out per-user. Each Android user ID gets its own directory and master key. This gives each user its own locked/unlocked state. Add migration code that converts existing keystores to this scheme. This even migrates keys that used the non-public API, but only for the primary user. The secondary users may have a different lock screen pattern that would no longer work to unlock the master key. Bug: 7249554 Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
-
- 05 Apr, 2013 2 commits
-
-
Kenny Root authored
Check should be that the 'is_software' flag is off. (cherry picked from commit 483407ea) Change-Id: I031a035beeec581e9af2207ae37c39aa39e3539c
-
Kenny Root authored
Check should be that the 'is_software' flag is off. Change-Id: Ic03ef957f6aa62b959b24fe8e4ff202f431aab89
-
- 04 Apr, 2013 4 commits
-
-
Kenny Root authored
(cherry picked from commit ff620c25) Change-Id: I8cdf964a6ca8ad0206b263dfcab297fd894f6927
-
Kenny Root authored
Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
-
Kenny Root authored
During an upgrade, a blob would be written out to disk. Whenever a blob is written to disk, it is encrypted in-place. After upgrade, keystore would attempt to use the blob, but get garbage instead of what it expected since it was encrypted. This moves the work of writing up a level so it can then re-read the blob after upgrade. (cherry picked from commit cfeae072) Bug: 7249554 Change-Id: I1be5ecafa6d39fdcce10d9d3623f23440cac8c6e
-
Kenny Root authored
During an upgrade, a blob would be written out to disk. Whenever a blob is written to disk, it is encrypted in-place. After upgrade, keystore would attempt to use the blob, but get garbage instead of what it expected since it was encrypted. This moves the work of writing up a level so it can then re-read the blob after upgrade. Bug: 7249554 Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
-
- 03 Apr, 2013 1 commit
-
-
Kenny Root authored
Add ability for system UID to clear all entries for a different UID. (cherry picked from commit a9bb5498) Bug: 3020069 Change-Id: Ibd5ce287f024b89df3dd7bfc3a4e5f979a34c75c
-
- 02 Apr, 2013 1 commit
-
-
Kenny Root authored
Add ability for system UID to clear all entries for a different UID. Bug: 3020069 Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
-
- 29 Mar, 2013 2 commits
-
-
Kenny Root authored
Add an API to query the HAL to see what kind of storage it reports the device is. (cherry picked from commit 8ddf35a6) Change-Id: I04a9421053a0b8bbe4f0dd73fefdfdbe4ab4add9
-
Kenny Root authored
Add an API to query the HAL to see what kind of storage it reports the device is. Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca
-
- 21 Mar, 2013 1 commit
-
-
Kenny Root authored
After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model. Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
-
- 20 Mar, 2013 1 commit
-
-
Kenny Root authored
To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration. Bug: 8122243 Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
-
- 19 Mar, 2013 1 commit
-
-
Kenny Root authored
Previously we redirected all calls from the wifi or vpn UIDs to the system UID's namespace. This switches the paradigm to allow system to write into wifi and vpn UID keystore spaces instead. Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
-
- 14 Feb, 2013 1 commit
-
-
Kenny Root authored
Most callers only care if the keystore is unlocked for use and not whether it's in a specific state. Change this now so we can change the states later. Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
-
- 13 Feb, 2013 2 commits
-
-
Kenny Root authored
This will allow explicit indication of which UID to put things under for trusted UIDs (e.g., system UID) in a future change instead of putting things only in the calling UID. Change-Id: Ifc321a714d874a1142890138101ce4166906f413
-
Kenny Root authored
Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
-
- 07 Feb, 2013 1 commit
-
-
Kenny Root authored
This was left-over from previous changes and nothing really used it any more. Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26
-
- 04 Feb, 2013 1 commit
-
-
Kenny Root authored
Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f
-
- 21 Nov, 2012 1 commit
-
-
Kenny Root authored
Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4
-
- 14 Nov, 2012 2 commits
-
-
Kenny Root authored
Some interruptable syscalls were not wrapped with TEMP_FAILURE_RETRY while others were. Add them where necessary. Additionally, some error cases were not logging any messages so things would mysteriously fail if there was an underlying filesystem problem. Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
-
Kenny Root authored
Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
-
- 27 Sep, 2012 1 commit
-
-
Pavel Chupin authored
Example: keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]' from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}' Change-Id: I8cd239880821724050d1716b78851807e0246ef2 Signed-off-by:
Pavel Chupin <pavel.v.chupin@intel.com>
-
- 20 Aug, 2012 1 commit
-
-
Kenny Root authored
This allows you to check when a key was last modified. Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d
-