1. 12 Aug, 2015 1 commit
    • Properly check for Blob max length · 0d593526
      Chad Brubaker authored
      sizeof(mBlob.value) is incorrect because writeBlob pads up to the next
      AES_BLOCK_SIZE
      
      Bug:22802399
      Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
  2. 29 Jul, 2015 1 commit
    • Fix unchecked length in Blob creation · b124c9e8
      Chad Brubaker authored
      Applications can specify arbitrary blobs using insert(), check their
      length to prevent overflow issues.
      
      Bug:22802399
      Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
  3. 07 Oct, 2013 1 commit
    • Set encrypted flag when appropriate · ee8068b9
      Kenny Root authored
      "generate" and "put" were not setting the encrypted flag in the blob
      written to disk. Add setting the flag whenever appropriate for these
      functions.
      
      Additionally, the master key should always be encrypted.
      
      Bug: 11113056
      Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
  4. 09 Sep, 2013 2 commits
  5. 05 Sep, 2013 2 commits
    • Add argument to binder call to check key types · 1b0e3933
      Kenny Root authored
      Before there was only one key type supported, so we didn't need to query
      a key type. Now there is DSA, EC, and RSA, so there needs to be another
      argument.
      
      Bug: 10600582
      Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
    • Provide fallback for keymaster implementations · 17208e0d
      Kenny Root authored
      Some implementations won't support ECDSA or DSA, so provide a fallback
      for them by using the softkeymaster implementation. This will allow us
      to universally support ECDSA and DSA on all platforms regardless of HAL
      version.
      
      Bug: 10600582
      Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
  6. 03 Sep, 2013 1 commit
  7. 14 Jun, 2013 1 commit
  8. 18 Apr, 2013 1 commit
    • keystore: fix import as other UIDs · 60898896
      Kenny Root authored
      The targetUid was not being used as the user to store the key as, so it
      was ending up under the calling UID. This change matches the code for
      insert and generate now.
      
      (cherry picked from commit 360f51f7)
      
      Bug: 8634328
      Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
  9. 17 Apr, 2013 1 commit
    • keystore: fix import as other UIDs · 360f51f7
      Kenny Root authored
      The targetUid was not being used as the user to store the key as, so it
      was ending up under the calling UID. This change matches the code for
      insert and generate now.
      
      Bug: 8634328
      Change-Id: Iedbbdaa0ac77f3aedb32a719458b5b503a66efd5
  10. 15 Apr, 2013 2 commits
    • keystore: Add flag for blobs to be unencrypted · f9119d64
      Kenny Root authored
      In order to let apps use keystore more productively, make the blob
      encryption optional. As more hardware-assisted keystores (i.e., hardware
      that has a Keymaster HAL) come around, encrypting blobs starts to make
      less sense since the thing it's encrypting is usually a token and not
      any raw key material.
      
      (cherry picked from commit 0c540aad)
      
      Bug: 8122243
      Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
    • keystore: fix bug in clear_uid · 5f531242
      Kenny Root authored
      (cherry picked from commit aae26fc0)
      
      Bug: 8566369
      Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
  11. 12 Apr, 2013 1 commit
  12. 11 Apr, 2013 1 commit
    • keystore: Add flag for blobs to be unencrypted · 0c540aad
      Kenny Root authored
      In order to let apps use keystore more productively, make the blob
      encryption optional. As more hardware-assisted keystores (i.e., hardware
      that has a Keymaster HAL) come around, encrypting blobs starts to make
      less sense since the thing it's encrypting is usually a token and not
      any raw key material.
      
      Bug: 8122243
      Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
  13. 06 Apr, 2013 2 commits
    • keystore: Add multi-user support · 68b46319
      Kenny Root authored
      Split the directories out per-user. Each Android user ID gets its own
      directory and master key. This gives each user its own locked/unlocked
      state.
      
      Add migration code that converts existing keystores to this scheme. This
      even migrates keys that used the non-public API, but only for the
      primary user. The secondary users may have a different lock screen
      pattern that would no longer work to unlock the master key.
      
      (cherry picked from commit 655b958e)
      
      Bug: 7249554
      Change-Id: Icfc117d9bc68bd88997ab03673fb77b581acf3f7
    • keystore: Add multi-user support · 655b958e
      Kenny Root authored
      Split the directories out per-user. Each Android user ID gets its own
      directory and master key. This gives each user its own locked/unlocked
      state.
      
      Add migration code that converts existing keystores to this scheme. This
      even migrates keys that used the non-public API, but only for the
      primary user. The secondary users may have a different lock screen
      pattern that would no longer work to unlock the master key.
      
      Bug: 7249554
      Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
  14. 05 Apr, 2013 2 commits
  15. 04 Apr, 2013 4 commits
    • Fix CL split and build · 2ca3b1b2
      Kenny Root authored
      (cherry picked from commit ff620c25)
      
      Change-Id: I8cdf964a6ca8ad0206b263dfcab297fd894f6927
    • Fix CL split and build · ff620c25
      Kenny Root authored
      Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
    • keystore: fix upgrades · 7a310fbb
      Kenny Root authored
      During an upgrade, a blob would be written out to disk. Whenever a blob
      is written to disk, it is encrypted in-place. After upgrade, keystore
      would attempt to use the blob, but get garbage instead of what it
      expected since it was encrypted.
      
      This moves the work of writing up a level so it can then re-read the
      blob after upgrade.
      
      (cherry picked from commit cfeae072)
      
      Bug: 7249554
      Change-Id: I1be5ecafa6d39fdcce10d9d3623f23440cac8c6e
    • keystore: fix upgrades · cfeae072
      Kenny Root authored
      During an upgrade, a blob would be written out to disk. Whenever a blob
      is written to disk, it is encrypted in-place. After upgrade, keystore
      would attempt to use the blob, but get garbage instead of what it
      expected since it was encrypted.
      
      This moves the work of writing up a level so it can then re-read the
      blob after upgrade.
      
      Bug: 7249554
      Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
  16. 03 Apr, 2013 1 commit
  17. 02 Apr, 2013 1 commit
  18. 29 Mar, 2013 2 commits
  19. 21 Mar, 2013 1 commit
    • keystore: change migrate to duplicate · d53bc92f
      Kenny Root authored
      After discussion, it was determined that duplicate would be less
      disruptive and it still fit in the current HAL model.
      
      Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
  20. 20 Mar, 2013 1 commit
    • keystore: add "migrate" command · 02254077
      Kenny Root authored
      To support the WiFi service, we need to support migration from the
      system UID to the wifi UID. This adds a command to achieve the
      migration.
      
      Bug: 8122243
      Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
  21. 19 Mar, 2013 1 commit
    • keystore: allow system UID to WiFi or VPN · 49468908
      Kenny Root authored
      Previously we redirected all calls from the wifi or vpn UIDs to the
      system UID's namespace. This switches the paradigm to allow system to
      write into wifi and vpn UID keystore spaces instead.
      
      Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
  22. 14 Feb, 2013 1 commit
    • keystore: Check for unlock, not for specific state · 9d45d1ca
      Kenny Root authored
      Most callers only care if the keystore is unlocked for use and not
      whether it's in a specific state. Change this now so we can change the
      states later.
      
      Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
  23. 13 Feb, 2013 2 commits
    • keystore: add UID to certain APIs · b88c3eb9
      Kenny Root authored
      This will allow explicit indication of which UID to put things under for
      trusted UIDs (e.g., system UID) in a future change instead of putting
      things only in the calling UID.
      
      Change-Id: Ifc321a714d874a1142890138101ce4166906f413
    • keystore: rename uid to callingUid · d38a0b07
      Kenny Root authored
      Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
  24. 07 Feb, 2013 1 commit
  25. 04 Feb, 2013 1 commit
  26. 21 Nov, 2012 1 commit
  27. 14 Nov, 2012 2 commits
    • EINTR handling and debugging for error cases · 150ca934
      Kenny Root authored
      Some interruptible syscalls were not wrapped with TEMP_FAILURE_RETRY
      while others were. Add them where necessary.
      
      Additionally, some error cases were not logging any messages so things
      would mysteriously fail if there was an underlying filesystem problem.
      
      Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
    • Switch keystore to binder · 07438c8d
      Kenny Root authored
      Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
  28. 27 Sep, 2012 1 commit
  29. 20 Aug, 2012 1 commit