Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
(cherry picked from commit 1b0e393390)
Bug: 10600582
Change-Id: I52418ade881d053229dd3c1d0cf438823468b51b
Some implementations won't support ECDSA or DSA, so provide a fallback
for them by using the softkeymaster implementation. This will allow us
to universally support ECDSA and DSA on all platforms regardless of HAL
version.
(cherry picked from commit 17208e0de5)
Bug: 10600582
Change-Id: Ic02102cb2b7f66e2ad3469f4edd9d03c4ae3fdf4
Nothing using the EVP_PKEY correctly, so we should revert to the EC_KEY
and ECDSA interfaces. Unfortunately, the SSL client certificate library
uses EC_KEY directly, so just having the EVP_PKEY interface doesn't
work.
Remove the EVP_PKEY interface entirely because it just adds complexity
since the EC_KEY path will do the same thing.
(cherry picked from commit 47041552bd)
Bug: 10655329
Change-Id: Ibf8c36780fe93284b88e91b7860baf1b951b4266
We need to add more methods to the keystore engine, so split out RSA so
it doesn't become too unwieldy.
This doesn't affect the size of the symbol table since the default
visibility for this module is "hidden."
Change-Id: I806553a8d1a01ff0ffd7b67054932ddf783bb502
The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.
(cherry picked from commit 360f51f7af)
Bug: 8634328
Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.
Bug: 8634328
Change-Id: Iedbbdaa0ac77f3aedb32a719458b5b503a66efd5
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
(cherry picked from commit 0c540aad59)
Bug: 8122243
Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.
Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.
(cherry picked from commit 655b958eb2)
Bug: 7249554
Change-Id: Icfc117d9bc68bd88997ab03673fb77b581acf3f7
Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.
Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.
Bug: 7249554
Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
