This simplifies the AndroidKeyStore API around user authentication: no
more explicit control over which user authenticators are bound to
which keys.
User-authenticated keys with timeout are unlocked by whatever unlocks
the secure lock screen (currently, password/PIN/pattern or
fingerprint). User-authenticated keys that need authentication for
every use are unlocked by fingerprint only.
Bug: 20526234
Bug: 20642549
Change-Id: I1e5e6c988f32657d820797ad5696797477a9ebe9
When AndroidKeyStore keys require used authentication, they need to be
bound to a Keymaster's Secure User ID. This ID will be set by keystore
soon. Until then, set it from the framework level (i.e., from apps
which use AndroidKeyStore).
NOTE: Accessing gatekeeper to obtain the Secure User ID will be
blocked by SELinux policy. To test this code, disable SELinux
enforcing mode.
Bug: 18088752
Change-Id: I7a3315eb52f0fc978d14d5d0e9613f2f36c6c01e
This tracks 59f977c698 due to which
AndroidKeyStore is unable to provide symmetric keys because it
assumes that the digest field is not repeating.
Bug: 18088752
Change-Id: Ie8ed01449280b7c759e81aeaf2066953b0abaf2a
This replaces int-based enums from KeyStoreKeyConstraints with
String values commonly used in JCA API.
As part of under the hood refactoring:
* KeyStoreKeyCharacteristics and KeyStoreKeyConstraints have been
merged into KeyStoreKeyProperties.
* KeymasterUtils methods operating on KeymasterArguments and
KeymasterCharacteristics have been moved to their respective
classes.
Bug: 18088752
Change-Id: I9c8b984cb3c28184adb617e34d87f2837bd1d3a1
This makes the new AndroidKeyStore API conform with the latest
Keymaster API changes as well as the latest Android framework API
design guidelines.
Keymaster changes:
* Multiple paddings, block modes, and digests can be set on a key.
* "max uses per boot" and "min seconds between use" restrictions will
not be exposed in the framework API.
* Padding scheme ZERO will not be exposed.
Changes due to Android framework design guidelines:
* Sets of enum values have been replaced with bitsets represented as
ints.
* Integer has been replaced with int, with null being represented
with a special value (e.g., -1 or 0) where possible.
Bug: 18088752
Change-Id: Ib21739aa9b42d48895cb7a681e836a5c6d972ac6
Keymaster HAL currently requires that key validity start and end dates
always be specified. The framework API does not. This CL expresses
the framework API's "not specified" instants to Keymaster as instants
in distant past or future.
Bug: 18088752
Change-Id: Ia9d66d5e57bfca30628cdef6e0925a2781a3acfb
This also adds the MAC length constraint on imported HMAC keys. HMAC
doesn't work without this constraint at the moment.
Bug: 18088752
Change-Id: I8613f58f5d2a84df00bcf6179d13e30619440330
AES and HmacSHA256 symmetric keys can now be imported into
AndroidKeyStore. These keys cannot yet be used.
Bug: 18088752
Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
(partial cherry pick from commit 2eeda7286f)
Bug: 8122243
Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
In previous commits, we added the ability to specify which UID we want to
target on certain operations. This commit adds the ability to reach those
binder calls from the KeyStore class.
Also fix a problem where saw() was not reading all the values returned via
the Binder call. This changes the semantics to return a null instead of
failing silently when it's not possible to search.
Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
Existing KeyStore implementations throw NullPointerExceptions beacuse
the KeyStoreSpi doesn't check these arguments for null. Add in checks so
we don't accidentally check some bogus values.
Also switch a RuntimeException to a KeyStoreException
Change-Id: I18f4d4474d607cb2057ea8069b901e0992275e78
For the AndroidKeyStore API, allow entries to have their certificate
chain replaced without destroying the underlying PrivateKey. Since
entries are backed by unexportable private keys, requiring them to be
supplied again doesn't make sense and is impossible.
Change-Id: I629ce2a625315c8d8020a082892650ac5eba22ae
This allows end-users to generate keys in the keystore without the
private part of the key ever needing to leave the device. The generation
process also generates a self-signed certificate.
Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
This introduces a public API for the Android keystore that is accessible
via java.security.KeyStore API. This allows programs to store
PrivateKeyEntry and TrustedCertificateEntry items visible only to
themselves.
Future work should include:
* Implement KeyStore.CallbackHandlerProtection parameter to allow the
caller to request that the keystore daemon unlock itself via the
system password input dialog.
* Implement SecretKeyEntry once that support is in keystore daemon
Change-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a
