Nothing using the EVP_PKEY correctly, so we should revert to the EC_KEY
and ECDSA interfaces. Unfortunately, the SSL client certificate library
uses EC_KEY directly, so just having the EVP_PKEY interface doesn't
work.
Remove the EVP_PKEY interface entirely because it just adds complexity
since the EC_KEY path will do the same thing.
Bug: 10655329
Change-Id: I97d17068297c33477b3b9f754f2713fdf258d646
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
Some implementations won't support ECDSA or DSA, so provide a fallback
for them by using the softkeymaster implementation. This will allow us
to universally support ECDSA and DSA on all platforms regardless of HAL
version.
Bug: 10600582
Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
We need to add more methods to the keystore engine, so split out RSA so
it doesn't become too unwieldy.
This doesn't affect the size of the symbol table since the default
visibility for this module is "hidden."
Change-Id: I806553a8d1a01ff0ffd7b67054932ddf783bb502
The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.
(cherry picked from commit 360f51f7af)
Bug: 8634328
Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.
Bug: 8634328
Change-Id: Iedbbdaa0ac77f3aedb32a719458b5b503a66efd5
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
(cherry picked from commit 0c540aad59)
Bug: 8122243
Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.
Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.
(cherry picked from commit 655b958eb2)
Bug: 7249554
Change-Id: Icfc117d9bc68bd88997ab03673fb77b581acf3f7
