This defines the String enum values based on JCA standard names for
key algorithm, block mode, padding schemes, and digests. This should
make it safer to interact with AndroidKeyStore code that uses JCA
strings. This was requested by API Council.
Bug: 18088752
Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.
Bug: 20521989
Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
AES and HmacSHA256 symmetric keys can now be imported into
AndroidKeyStore. These keys cannot yet be used.
Bug: 18088752
Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c
The Android KeyStore backed KeyPairGenerator can generate EC key
pairs, but it cannot be instantiated via the standard JCA approach of
KeyPairGenerator.getInstance("EC", "AndroidKeyStore"). Instead, the
user must invoke KeyPairGenerator.getInstance("RSA",
"AndroidKeyStore") and then tell it to generate an EC key pair.
This CL fixes this weirdness.
The fix requires the introduction of late resolution of key algorithm
and default key size. Prior to this CL, these parameters were resolved
prior to KeyPairGenerator initialization, inside KeyPairGeneratorSpec.
In this CL, these parameters are resolved during KeyPairGenerator
initialization. This is fine because KeyPairGeneratorSpec should be as
dumb as possible and all the logic should reside in KeyPairGenerator
and lower layers.
Bug: 19018089
Change-Id: I114502356e6c9691518cf05b6d9eb0920b4fe0b2
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
(partial cherry pick from commit 2eeda7286f)
Bug: 8122243
Change-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
This allows end-users to generate keys in the keystore without the
private part of the key ever needing to leave the device. The generation
process also generates a self-signed certificate.
Change-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9
