Commit Graph

35 Commits

Author SHA1 Message Date
Brian Carlstrom
0137377289 Integrating keystore with keyguard (Part 1 of 4)
Summary:

frameworks/base
  keystore rewrite
  keyguard integration with keystore on keyguard entry or keyguard change
  KeyStore API simplification

packages/apps/Settings
  Removed com.android.credentials.SET_PASSWORD intent support
  Added keyguard requirement for keystore use

packages/apps/CertInstaller
  Tracking KeyStore API changes
  Fix for NPE in CertInstaller when certificate lacks basic constraints

packages/apps/KeyChain
  Tracking KeyStore API changes

Details:

frameworks/base

   Move keystore from C to C++ while rewriting password
   implementation. Removed global variables. Added many comments.

	cmds/keystore/Android.mk
	cmds/keystore/keystore.h
	cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
	cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp

   Changed saveLockPattern and saveLockPassword to notify the keystore
   on changes so that the keystore master key can be reencrypted when
   the keyguard changes.

	core/java/com/android/internal/widget/LockPatternUtils.java

   Changed unlock screens to pass values for keystore unlock or initialization

	policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
	policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java

   KeyStore API changes
   - renamed test() to state(), which now return a State enum
   - made APIs with byte[] key arguments private
   - added new KeyStore.isEmpty used to determine if a keyguard is required

	keystore/java/android/security/KeyStore.java

   In addition to tracking KeyStore API changes, added new testIsEmpty
   and improved some existing tests to validate expect values.

	keystore/tests/src/android/security/KeyStoreTest.java

packages/apps/Settings

    Removing com.android.credentials.SET_PASSWORD intent with the
    removal of the ability to set an explicit keystore password now
    that the keyguard value is used. Changed to ensure keyguard is
    enabled for keystore install or unlock. Cleaned up interwoven
    dialog handing into discrete dialog helper classes.

	AndroidManifest.xml
	src/com/android/settings/CredentialStorage.java

    Remove layout for entering new password

	res/layout/credentials_dialog.xml

    Remove enable credentials checkbox

	res/xml/security_settings_misc.xml
	src/com/android/settings/SecuritySettings.java

    Added ability to specify minimum quality key to ChooseLockGeneric
    Activity. Used by CredentialStorage, but could also be used by
    CryptKeeperSettings. Changed ChooseLockGeneric to understand
    minimum quality for keystore in addition to DPM and device
    encryption.

	src/com/android/settings/ChooseLockGeneric.java

    Changed to use getActivePasswordQuality from
    getKeyguardStoredPasswordQuality based on experience in
    CredentialStorage. Removed bogus class javadoc.

	src/com/android/settings/CryptKeeperSettings.java

    Tracking KeyStore API changes

	src/com/android/settings/vpn/VpnSettings.java
	src/com/android/settings/wifi/WifiSettings.java

   Removing now unused string resources

	res/values-af/strings.xml
	res/values-am/strings.xml
	res/values-ar/strings.xml
	res/values-bg/strings.xml
	res/values-ca/strings.xml
	res/values-cs/strings.xml
	res/values-da/strings.xml
	res/values-de/strings.xml
	res/values-el/strings.xml
	res/values-en-rGB/strings.xml
	res/values-es-rUS/strings.xml
	res/values-es/strings.xml
	res/values-fa/strings.xml
	res/values-fi/strings.xml
	res/values-fr/strings.xml
	res/values-hr/strings.xml
	res/values-hu/strings.xml
	res/values-in/strings.xml
	res/values-it/strings.xml
	res/values-iw/strings.xml
	res/values-ja/strings.xml
	res/values-ko/strings.xml
	res/values-lt/strings.xml
	res/values-lv/strings.xml
	res/values-ms/strings.xml
	res/values-nb/strings.xml
	res/values-nl/strings.xml
	res/values-pl/strings.xml
	res/values-pt-rPT/strings.xml
	res/values-pt/strings.xml
	res/values-rm/strings.xml
	res/values-ro/strings.xml
	res/values-ru/strings.xml
	res/values-sk/strings.xml
	res/values-sl/strings.xml
	res/values-sr/strings.xml
	res/values-sv/strings.xml
	res/values-sw/strings.xml
	res/values-th/strings.xml
	res/values-tl/strings.xml
	res/values-tr/strings.xml
	res/values-uk/strings.xml
	res/values-vi/strings.xml
	res/values-zh-rCN/strings.xml
	res/values-zh-rTW/strings.xml
	res/values-zu/strings.xml
	res/values/strings.xml

packages/apps/CertInstaller

  Tracking KeyStore API changes
	src/com/android/certinstaller/CertInstaller.java

  Fix for NPE in CertInstaller when certificate lacks basic constraints
	src/com/android/certinstaller/CredentialHelper.java

packages/apps/KeyChain

  Tracking KeyStore API changes
	src/com/android/keychain/KeyChainActivity.java
	src/com/android/keychain/KeyChainService.java
	support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
	support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
	tests/src/com/android/keychain/tests/KeyChainServiceTest.java

Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
2011-06-01 14:29:59 -07:00
Brian Carlstrom
4d51522f5f Add keychain user with special keystore access permissions
Change-Id: I02fe5171add62c5cd9f57b01bc137f3bc1cb3a69
2011-04-08 14:06:39 -07:00
Chia-chi Yeh
ae17a37d2d KeyStore: Update the parameters of generating master keys.
To improve the security, the parameters to generate the master key has
been changed. Special cares has been taken to prevent from permanent
damages of the existing data during the transition process.

Change-Id: I0c93f3de28a9fcd314932675ccfb65a7f11fa3ff
2010-10-01 01:42:55 +08:00
Chia-chi Yeh
857edec1a2 KeyStore: Initialize IV correctly.
Change-Id: Idbf207dfcc11b92e606cbf4fd3732ed7a8aa3416
2010-09-30 17:28:01 +08:00
Chia-chi Yeh
1c2eccfac3 KeyStore: Fix the return value when send() or recv() has an error.
Change-Id: I20a63c76bd29b1a9f8959a6c4fe5a5b8a9a971b4
2010-09-30 15:17:58 +08:00
Chia-chi Yeh
6efed6c20e keystore: rephrase the comment to make the usage more clear.
Change-Id: I529ca7ed443060089c95fe96dd230288be4b6c96
2010-03-17 16:31:20 +08:00
Chia-chi Yeh
5bf4691382 Merge "keystore: add AID_ROOT into the user table." 2010-03-08 17:50:56 -08:00
Chia-chi Yeh
e3bc023471 keystore: add AID_ROOT into the user table.
Change-Id: I4b9cf24d75ca79583d7913bbb2c33745a2316cde
2010-03-09 09:44:07 +08:00
Chia-chi Yeh
0755483539 keystore: allow '\0's in keys and add guards for cplusplus.
Change-Id: I0af6ed7c5d51ce4ca39cb837e475942800cf6e2d
2010-03-08 17:21:35 +08:00
Chia-chi Yeh
b78679e18d keystore: compute the padding in an intuitive way. 2009-12-30 10:38:39 +08:00
Chia-chi Yeh
ced66258e1 keystore: Add paddings before checksumming.
Also fix a file descriptor leak when file system is nearly full.

Bug: 2339184
2009-12-22 17:26:42 +08:00
Chia-chi Yeh
4424dd7dd5 keystore: remove old implementation and test.
The new tests will be implemented in java.
2009-09-24 13:35:26 +08:00
Chia-chi Yeh
1cdc2a4b81 keystore: rename scan() to saw(). 2009-09-22 02:57:52 +08:00
Chia-chi Yeh
c5dbc5e98a keystore: exclude builds for simulator. 2009-09-22 00:43:13 +08:00
Chia-chi Yeh
dd2a71eebc keystore: enable delete(), scan(), exist() when keystore is locked.
Also check end-of-file explicitly.
2009-09-21 11:36:33 +08:00
Chia-chi Yeh
2f3b2a5aa6 keystore: switch to multi-user version. 2009-09-18 17:23:53 +08:00
Chia-chi Yeh
4cff21f21b keystore: add multi-user support.
Change-Id: I60268261110934a1d60efa341ff530f94415724f
2009-09-18 11:49:55 +08:00
Hung-ying Tyan
408c5f2c98 Fix a minor bug in is_alnum_string()...
and remove some verbose logging
2009-09-17 12:17:29 +08:00
Hung-ying Tyan
b2de5bd4da Add tests and misc fixes on keystore.
* Refactor netkeystore.c to make client and server code testable.
* Add a client test for setting new passwd and changing passwd.
* Exclude "." and ".." from reset_keystore().
* Change ServerCommand.executeCommand() to accept variable length of
  arguments and add convert() to marshalling the args to bytes.
* Keystore.java is revised accordingly.
2009-09-11 19:30:13 +08:00
Chung-yih Wang
2a58b6dbf0 Replace the delimiter whitespace with '\0'.
+ Use '\0' as the delimiter.
+ Allow whitespace character for keystore password.

In previous implementation, we use space as the delimiter. That
will stop user from using passphrase with whitespace character.
2009-09-09 15:00:43 +08:00
repo sync
74c332f184 Fix network order for marshalling in keystore interface.
This will fix the endian issue for heterogeneous architectures in keystore marshalling interface.
2009-08-10 16:13:00 +08:00
Android (Google) Code Review
23c95b3b32 Merge change 9438 into donut
* changes:
  Change some log.i to log.d.
2009-07-31 20:15:15 -07:00
Hung-ying Tyan
6cdee58010 Change some log.i to log.d. 2009-08-01 10:11:46 +08:00
Chung-yih Wang
ccf407f7ac Add unit tests for netkeystore.
+ some boundary checks.
2009-07-30 16:37:48 +08:00
Chung-yih Wang
11e9f3dd26 Add memcpy and strcpy boundary check. 2009-07-24 11:24:31 +08:00
Chia-chi Yeh
23c7adc5e9 keystore: Fix a compile warning. 2009-07-16 14:45:11 +08:00
Android (Google) Code Review
dea9f55274 Merge change 6198 into donut
* changes:
  keystore: Provide a generic getter for native components.
2009-07-06 00:04:54 -07:00
Chia-chi Yeh
5d0ca76229 keystore: Provide a generic getter for native components. 2009-07-06 14:33:09 +08:00
Chung-yih Wang
6ac03019e6 Add password field for WiFi configuration.
1. the certtool.h is modified for avoiding the side effect,
   for saving the configuration with wpa_supplicant.
2. put the loadLibrary back in CertTool.java
3. Fix incorrect JNI declarations.
2009-07-05 11:06:01 +08:00
Chung-yih Wang
37b49519cc Two small checks in keymgmt.
1. Enforce the state check in listkey().
2. Enforce the password length check.
2009-07-03 12:14:36 +08:00
Chung-yih Wang
7bd460b120 Remove the null-termination for Java string compatibility.
1. Also change the keyname delimiter in CertTool.java.
2. Return NOTFOUND if the result.len==0 in the listKeys().
3. Define the keystore states in the class Keystore.
2009-07-02 23:08:39 +08:00
Chung-yih Wang
c186c66a29 Implement the generic mini-keystore for security.
1. We will progressively migrate to this implementation.
2. For richc to have a quick review on the keymgmt part.
3. Add remove_key and make sure all functions are working.
4. Add permission check for get operation.
5. Return the retry count if unlock failed.
6. Add the reset operation for keystore reset.
7. Add the putfile shell command for putting the key value from file.
8. Fix the boundary issue during parsing command.
9. Use the ' ' as delimiter and reset the reply structure for each request.
10. Add change password retry count check.
11. Extract the read_marshal/write_marshal for certtool.h.
12. Remove the old implementation.
2009-07-02 14:08:20 +08:00
Chung-yih Wang
4c40420cd2 Change the keystore APIs.
1. simplify the keypair selection in UI.
2. add the user certificate and key into the keystore for keygen feature.
2009-06-17 14:32:05 +08:00
Chung-yih Wang
8fcbada742 Provide the Keystore feature in the framework.
-- added the keystore library for Java application.
-- changed the marshalling of the keystore function return.
2009-06-11 17:28:40 +08:00
Chung-yih Wang
a92d5dc0f6 First version of the keystore service.
The keystore service is protected by the user 'keystore'. Only keystore
user/group can access the key content. All users are able to do the
following commands from shell as well:
  listcerts
  listuserkeys
  installcert
  removecert
  installuserkey
  removeuserkey
2009-06-08 16:34:54 +08:00