GitLab

Some implementations won't support ECDSA or DSA, so provide a fallback
for them by using the softkeymaster implementation. This will allow us
to universally support ECDSA and DSA on all platforms regardless of HAL
version.

Bug: 10600582
Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86

(cherry picked from commit 6071179a)

Bug: 10600582
Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618

* commit 'e2a878e9':
  Revert "Revert "Split up main engine from methods""

Added missing Android.mk change in this commit.

This reverts commit 1fcabcd3.

Change-Id: I71e7fbc8f80a35b4666af985cffb4e7a2eb5634f

* commit '3aca7a31':
  Revert "Split up main engine from methods"

This reverts commit 2715806b.

Change-Id: I7dfaf2cd97a17913710432007a66fc7df6fcad5d

* commit 'bb621b36':
  Split up main engine from methods

We need to add more methods to the keystore engine, so split out RSA so
it doesn't become too unwieldy.

This doesn't affect the size of the symbol table since the default
visibility for this module is "hidden."

Change-Id: I806553a8d1a01ff0ffd7b67054932ddf783bb502

am a65d5236: Merge "Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips."

* commit 'a65d5236':
  Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips.

Merge "Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips."

Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029
Signed-off-by: Douglas Leung <douglas@mips.com>

* commit '76820356':
  keystore: fix import as other UIDs

The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.

(cherry picked from commit 360f51f7)

Bug: 8634328
Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d

* commit '360f51f7':
  keystore: fix import as other UIDs

The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.

Bug: 8634328
Change-Id: Iedbbdaa0ac77f3aedb32a719458b5b503a66efd5

* commit '1223495e':
  keystore: Add flag for blobs to be unencrypted

* commit 'b3fc31a4':
  keystore: fix bug in clear_uid

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

(cherry picked from commit 0c540aad)

Bug: 8122243
Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a

(cherry picked from commit aae26fc0)

Bug: 8566369
Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720

* commit '5d884972':
  keystore: Add flag for blobs to be unencrypted

* commit 'aae26fc0':
  keystore: fix bug in clear_uid

Bug: 8566369
Change-Id: I92a37bb709bc491a305cf5b6a5e68b6ac1a8aa24

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd

* commit 'a6fe6209':
  Add liblog

Bug: 8580410
Change-Id: I0d9b208021c35ad37fdbc4518aa6e76d65184c25

* commit '92af9812':
  keystore: Add multi-user support

* commit '68b46319':
  keystore: Add multi-user support

Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.

Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.

(cherry picked from commit 655b958e)

Bug: 7249554
Change-Id: Icfc117d9bc68bd88997ab03673fb77b581acf3f7

Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.

Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.

Bug: 7249554
Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573

* commit '56995079':
  keystore: fix inverted hardware keystore check

* commit '77c4e48e':
  Fix CL split and build