)]}' { "log": [ { "commit": "bf0728bca82654ade4c723da035259d18d9022ae", "tree": "43c96b65743c2980dd2bfa8fe454e3d9a822e3f3", "parents": [ "643e60b0fed9d113a4a35847f61a98c2f0e3e6f9" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 31 11:48:40 2019 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jan 31 11:48:40 2019 +0000" }, "message": "Add owners for KeyChain code\n\nAdd the Android Enterprise Security team as OWNERS for KeyChain and\nKeyChain-related code.\n\nThe KeyChain code currently lives under keystore/, which means every\nchange requires Keystore owners approval, but it does not make sense for\nKeyChain as KeyChain is a Keystore client and is developed\nindependently.\n\nTest: Gerritt upload.\nBug: 33166666\nChange-Id: Idfedda9553add303439179ce10a1e75e437bbe83\n" }, { "commit": "5a5c6e0e44fbccbf5608c1955debf1650890f5a6", "tree": "70d9eebea919172b9898bcdf0fe4e594d28d36ed", "parents": [ "143c65d520b197a271d6de282fc7759d8009ce44" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jun 28 11:20:44 2018 +0100" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Jun 28 17:20:01 2018 +0100" }, "message": "Correctly preserve key generation parameters\n\nDue to an oversight, some of the key generation parameters that are set\nin KeyGenParameterSpec were not preserved when parceling the object\n(they should have been added to ParcelableKeyGenParameterSpec but were\nnot).\n\nThis means these parameters will be ignored when generating keys using\nthe DevicePolicyManager.generateKeyPair method, leading to an\ninconsistent key generation behaviour between the DevicePolicyManager\nand KeyStore.\n\nIn particular, this would prevent callers from using StrongBox when\ngenerating keys for use in the KeyChain.\n\nFix the issue by simply persisting these parameters in\nParcelableKeyGenParameterSpec and making sure that the Builder copies\nthem too from the source KeyGenParameterSpec.\n\nLeft to do is put in place an automated measure to find out\ndiscrepancies between the two classes.\n\nBug: 110915980\nBug: 110882855\nBug: 109953656\nTest: atest KeystoreTests\nChange-Id: Ic64bd2921b6dfc97ea34ecba55f532312963ffcb\n" }, { "commit": "ab6ec61251786bf6b4d0407db3bc28aeefcb55db", "tree": "fbdb5c5bd38879440eac702018dd53c0ed639541", "parents": [ "58c83fa7c8609059f3d66a5860abb302284c2981" ], "author": { "name": "Anton Hansson", "email": "hansson@google.com", "time": "Fri Feb 23 12:57:51 2018 +0000" }, "committer": { "name": "Anton Hansson", "email": "hansson@google.com", "time": "Wed Feb 28 15:13:23 2018 +0000" }, "message": "frameworks/base: Set LOCAL_SDK_VERSION where possible.\n\nThis change sets LOCAL_SDK_VERSION for all packages where\nthis is possible without breaking the build, and\nLOCAL_PRIVATE_PLATFORM_APIS :\u003d true otherwise.\n\nSetting one of these two will be made required soon, and this\nis a change in preparation for that. Not setting LOCAL_SDK_VERSION\nmakes the app implicitly depend on the bootclasspath, which is\noften not required. This change effectively makes depending on\nprivate apis opt-in rather than opt-out.\n\nTest: make relevant packages\nBug: 73535841\nChange-Id: I4233b9091d9066c4fa69f3d24aaf367ea500f760\n" }, { "commit": "a173064047d304837d907b9b39ece5c14adf2b25", "tree": "6b8716f7f503e84cb257b3154bf5cdded48e43f9", "parents": [ "7d6688f35e37a96579db8ae2342eda3239a92c3c" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Mon Dec 11 17:48:47 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Dec 14 18:09:05 2017 +0000" }, "message": "DevicePolicyManager: Support attestation for generated keys.\n\nIf the KeyGenParameterSpec passed into\nDevicePolicyManager.generateKeyPair contains an attestation challenge,\nrequest an attestation record for the newly-generated key with the\nchallenge provided.\n\nThis particular implementation was chosen, rather than letting the\nattestation record be generated at the same time as key generation, to\navoid having the attestation chain stored in Keystore and associated\nwith the generated alias.\n\nThe rationale is that this is a key that is potentially accessible by\nmultiple applications and the attestation chain may end up being sent\nas a TLS client certificate chain, for example.\n\nAs the attestation challenge should be unique per device, to avoid\nthe potential of sending / sharing unique device information, by\nexplicitly requesting an attestation record after key generation, the\nattestation record is only returned to the generateKeyPair client and\nnot persistend in Keystore.\n\nBug: 63388672\nTest: New CTS test to be run with: \u0027cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG\u0027\nChange-Id: I95a9aef179173b571b533301ac438c675e8fe702\n" }, { "commit": "b866307f99c35252dcb76e9269bb57d97c3c4b86", "tree": "ce8d4edc1cf2edbc48029214dfbde2213a3d9466", "parents": [ "9d25218985ba8ea944b4a51d194744b5a85a1105" ], "author": { "name": "Paul Duffin", "email": "paulduffin@google.com", "time": "Fri Dec 08 00:02:42 2017 +0000" }, "committer": { "name": "Paul Duffin", "email": "paulduffin@google.com", "time": "Fri Dec 08 00:07:17 2017 +0000" }, "message": "Stop statically including legacy-android-test\n\nStatically including legacy-android-test leads to duplicate classes\nwhich causes build time problems (with Proguard) and runtime problems on\nolder SDK versions. This change:\n* Stops statically including legacy-android-test.\n* Adds compile time dependencies on andoid.test.base, android.test.mock\n and android.test.runner where necessary.\n* Adds \u003cuses-library android:name\u003d\"android.test.runner\"/\u003e to any\n affected package to ensure that the classes that were included by\n legacy-android-test are still available at runtime. That also adds a\n dependency on android.test.base and android.test.mock.\n\nThe following change descriptions were generated automatically and so\nmay be a little repetitive. They are provided to give the reviewer\nenough information to check the comments match what has actually been\nchanged and check the reasoning behind the changes.\n\n* apct-tests/perftests/core/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in CorePerfTests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n CorePerfTests\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n* core/tests/ConnectivityManagerTest/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n ConnectivityManagerTest\u0027s source depends on its classes and because\n of these changes they are no longer present on the compilation\n path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in ConnectivityManagerTest\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* core/tests/bandwidthtests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n BandwidthTests\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in BandwidthTests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n* core/tests/bluetoothtests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n BluetoothTests\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in BluetoothTests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n* core/tests/hosttests/test-apps/DownloadManagerTestApp/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in DownloadManagerTestApp\n results in duplicate classes which leads to build time and compile\n time issues.\n\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n DownloadManagerTestApp\u0027s source depends on its classes and because\n of these changes they are no longer present on the compilation\n path.\n\n* core/tests/hosttests/test-apps/ExternalSharedPerms/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n ExternalSharedPermsTestApp results in duplicate classes which leads\n to build time and compile time issues.\n\n* core/tests/hosttests/test-apps/ExternalSharedPermsBT/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n ExternalSharedPermsBTTestApp results in duplicate classes which\n leads to build time and compile time issues.\n\n* core/tests/hosttests/test-apps/ExternalSharedPermsDiffKey/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n ExternalSharedPermsDiffKeyTestApp results in duplicate classes\n which leads to build time and compile time issues.\n\n* core/tests/hosttests/test-apps/ExternalSharedPermsFL/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n ExternalSharedPermsFLTestApp results in duplicate classes which\n leads to build time and compile time issues.\n\n* core/tests/notificationtests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n NotificationStressTests\u0027s source depends on its classes and because\n of these changes they are no longer present on the compilation\n path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in NotificationStressTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* keystore/tests/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in KeystoreTests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n* media/mca/tests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n CameraEffectsTests\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in CameraEffectsTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* media/tests/MediaFrameworkTest/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n mediaframeworktest\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in mediaframeworktest\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* nfc-extras/tests/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in NfcExtrasTests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n* packages/CarrierDefaultApp/tests/unit/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n CarrierDefaultAppUnitTests\u0027s source depends on its classes and\n because of these changes they are no longer present on the\n compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n CarrierDefaultAppUnitTests results in duplicate classes which leads\n to build time and compile time issues.\n\n* packages/ExtServices/tests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n ExtServicesUnitTests\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in ExtServicesUnitTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* packages/MtpDocumentsProvider/tests/Android.mk\n Added \u0027android.test.base\u0027 and \u0027android.test.mock\u0027 to\n LOCAL_JAVA_LIBRARIES because MtpDocumentsProviderTests\u0027s source\n depends on their classes and because of these changes they are no\n longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n MtpDocumentsProviderTests results in duplicate classes which leads\n to build time and compile time issues.\n\n* packages/SettingsLib/tests/integ/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n SettingsLibTests\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in SettingsLibTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* packages/SettingsProvider/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in SettingsProvider\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* packages/SettingsProvider/AndroidManifest.xml\n Add uses-library for android.test.runner because otherwise this\n change would change the set of files available to SettingsProvider\n at runtime.\n\n* packages/Shell/tests/Android.mk\n Added \u0027android.test.base\u0027 and \u0027android.test.mock\u0027 to\n LOCAL_JAVA_LIBRARIES because ShellTests\u0027s source depends on their\n classes and because of these changes they are no longer present on\n the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in ShellTests results in\n duplicate classes which leads to build time and compile time\n issues.\n\n* packages/SystemUI/shared/tests/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in SystemUISharedLibTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* packages/SystemUI/tests/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in SystemUITests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n SystemUITests\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n* packages/WAPPushManager/tests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n WAPPushManagerTests\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in WAPPushManagerTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* sax/tests/saxtests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n FrameworksSaxTests\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in FrameworksSaxTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* tests/BrowserPowerTest/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n BrowserPowerTests\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in BrowserPowerTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* tests/CanvasCompare/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n CanvasCompare\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in CanvasCompare results\n in duplicate classes which leads to build time and compile time\n issues.\n\n* tests/CoreTests/android/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n CoreTests\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in CoreTests results in\n duplicate classes which leads to build time and compile time\n issues.\n\n* tests/DataIdleTest/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n DataIdleTest\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in DataIdleTest results in\n duplicate classes which leads to build time and compile time\n issues.\n\n* tests/FrameworkPerf/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n FrameworkPerf\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in FrameworkPerf results\n in duplicate classes which leads to build time and compile time\n issues.\n\n* tests/HierarchyViewerTest/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n HierarchyViewerTest\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in HierarchyViewerTest\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* tests/ImfTest/tests/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n ImfTestTests\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in ImfTestTests results in\n duplicate classes which leads to build time and compile time\n issues.\n\n* tests/Internal/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in InternalTests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n* tests/MemoryUsage/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n MemoryUsage\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in MemoryUsage results in\n duplicate classes which leads to build time and compile time\n issues.\n\n* tests/NetworkSecurityConfigTest/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n NetworkSecurityConfigTests\u0027s source depends on its classes and\n because of these changes they are no longer present on the\n compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n NetworkSecurityConfigTests results in duplicate classes which leads\n to build time and compile time issues.\n\n* tests/SoundTriggerTests/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in SoundTriggerTests\n results in duplicate classes which leads to build time and compile\n time issues.\n\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n SoundTriggerTests\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n* tests/SurfaceComposition/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in SurfaceComposition\n results in duplicate classes which leads to build time and compile\n time issues.\n\n Added \u0027android.test.runner.stubs\u0027 to LOCAL_JAVA_LIBRARIES because\n SurfaceComposition\u0027s source depends on its classes and because of\n these changes they are no longer present on the compilation path.\n\n* tests/TtsTests/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in TtsTests results in\n duplicate classes which leads to build time and compile time\n issues.\n\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n TtsTests\u0027s source depends on its classes and because of these\n changes they are no longer present on the compilation path.\n\n* tests/WindowAnimationJank/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in WindowAnimationJank\n results in duplicate classes which leads to build time and compile\n time issues.\n\n* tests/permission/Android.mk\n Added \u0027android.test.base\u0027 to LOCAL_JAVA_LIBRARIES because\n FrameworkPermissionTests\u0027s source depends on its classes and\n because of these changes they are no longer present on the\n compilation path.\n\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in\n FrameworkPermissionTests results in duplicate classes which leads\n to build time and compile time issues.\n\n* tests/testables/tests/Android.mk\n Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES\n because statically including the classes in TestablesTests results\n in duplicate classes which leads to build time and compile time\n issues.\n\n Added \u0027android.test.base\u0027 and \u0027android.test.mock\u0027 to\n LOCAL_JAVA_LIBRARIES because TestablesTests\u0027s source depends on\n their classes and because of these changes they are no longer\n present on the compilation path.\n\nBug: 30188076\nTest: make checkbuild\nChange-Id: Iacfc939c97415314366ed61c5f3b7aa1a40f0ec9\n" }, { "commit": "852c8f121f2e502e1e8503bfc230dccb81b681d4", "tree": "27c90a754791b77990afbcb369cac3fad401a3bf", "parents": [ "d52efa56adaca0bc70fb72082c7c663adcb669cc" ], "author": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Wed Nov 15 05:55:52 2017 +0000" }, "committer": { "name": "Eran Messeri", "email": "eranm@google.com", "time": "Thu Dec 07 15:12:30 2017 +0000" }, "message": "DevicePolicyManager: Add key generation functionality.\n\nThis is the crux of the Verified Access feature implementation:\nAdding the ability to generate KeyChain keys directly by the\nsecure hardware, rather than installing software-generated keys\ninto KeyChain.\n\nAdd generateKeyPair to the DevicePolicyManager, which delegates key\ngeneration (via the DevicePolicyManagerService) to the KeyChainService.\n\nDesign highlights:\n* The key generation is delegated via the DevicePolicyManagerService to\n check that only authorized callers request key generation in KeyChain.\n* KeyChainService performs the actual key generation so it owns the key\n in Keystore outright.\n* DevicePolicyManagerService then grants the calling app access to the\n Keystore key, so it can actually be used.\n* Loading the public/private key pair, as well as attestation\n certificate chain, is done in the client code (DevicePolicyManager)\n to save parceling / unparceling those objects across process\n boundaries twice (for no good reason).\n\nNOTE: The key attestation functionality (that includes Device ID) is\nmissing/untested. Will be added in a follow-up CL as this one is quite\nbig already.\n\nHIGHLIGHT FOR REVIEWERS:\n* API: New API in DevicePolicyManager.\n\nBug: 63388672\nTest: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG; adb shell am instrument \u0027android.security.tests/android.support.test.runner.AndroidJUnitRunner\u0027 (After building the KeystoreTests target and installing the apk)\nChange-Id: I73762c9123f32a94d454ba4f8b533883b55c44cc\n" }, { "commit": "91abf9f6e2c60b05377b2b82ea2a09fc25476e56", "tree": "24739cefc13f9d57fa8c8e3574c7d6eb5efbe865", "parents": [ "7fdce769c3ef3885ec8f1716bdeedfc8b056a1d7" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon May 01 16:38:45 2017 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon May 01 16:39:20 2017 -0700" }, "message": "Delete obsolete and unused KeyStoreTests\n\nThese depended on internal implementation details of Conscrypt that are\nchanging. Delete these tests since they\u0027re not included in builds any\nmore.\n\nTest: make checkbuild\nChange-Id: I6ddf832c30bcf49e940c55aa81534c3d987393fb\n" }, { "commit": "ccb04450279c53eda250ac3e20b75cd07bcd1f7e", "tree": "b7465ccb8c71931bcc64f3fa19c90be70d6baf54", "parents": [ "0ac7232b7cd55806b4fd231899a57a20c7f7bdd8" ], "author": { "name": "Paul Duffin", "email": "paulduffin@google.com", "time": "Tue Jan 10 12:08:23 2017 +0000" }, "committer": { "name": "Paul Duffin", "email": "paulduffin@google.com", "time": "Thu Jan 19 09:43:05 2017 +0000" }, "message": "Prepare for removal of legacy-test from default targets\n\nIn preparation for removing junit classes from the Android API\nthe legacy-test target will be removed from the\nTARGET_DEFAULT_JAVA_LIBRARIES. This change adds explicit\ndependencies on junit and/or legacy-android-test to ensure that\nmodules will compile properly once it is removed.\n\n(cherry picked from 6387604f9e672ece85e07c4bcbd7be396867f06f)\n\nBug: 30188076\nTest: make checkbuild\nMerged-In: I13e88297731253420e4e5f5291d503f13a39a156\nChange-Id: I58446eb8c45d8ac2bcdbc9fa40d1321e811bdd4b\n" }, { "commit": "3876b1be27e3aefde9a72eb2e4f856e94fc5f946", "tree": "5783b18f074f1971a83a615ef805f5483f6cfb90", "parents": [ "435acfc88917e3535462ea520b01d0868266acd2" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Sep 09 14:55:03 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Sep 10 15:35:06 2015 -0700" }, "message": "Support cross-UID access from AndroidKeyStore.\n\nThis is meant for exposing the pre-existing cross-UID access to keys\nbacked by the keystore service via higher-level JCA API. For example,\nthis lets system_server use Wi-Fi or VPN UID keys via JCA API.\n\nTo obtain a JCA AndroidKeyStore KeyStore for another UID, use the\nhidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).\n\nTo generate a key owned by another UID, invoke setUid(uid) on\nKeyGenParameterSpec.Builder.\n\nThis CL does not change the security policy, such as which UID can\naccess/modify which UIDs\u0027 keys. The policy is that only certain system\nUIDs are permitted to access keys of certain other system UIDs.\n\nBug: 23978113\nChange-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de\n" }, { "commit": "ae6cb7aad56bb006769cd8a69b92af7236644fc1", "tree": "e70a45074619bb3e1f97cb5dcfe0c28bbfe60129", "parents": [ "12402dafeaf2ec8255d6331d3e82028d694b87d7" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jun 22 18:09:35 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jun 23 20:04:28 2015 -0700" }, "message": "Keymaster INT, LONG and DATE tag values are unsigned.\n\nThis CL ensures that Android Keystore framework code complies with\nsignedness of keymaster tags. In particular:\n* INT tags are unsigned 32-bit numbers, and\n* LONG and DATE tags are unsigned 64-bit numbers.\n\nThe ensure compliance, KeymasterArguments and KeyCharacteristics\nclasses through which Android Keystore interacts with Keymaster tags\nhave been modified as follows:\n* ENUM and INT tags which used to be conflated are now added/queried\n via separate methods, because ENUM can remain represented as an int\n data type whereas INT is now represented as a long data type with\n permitted range being [0; 2^32).\n* Methods for adding/quering LONG tags have been switched from the long\n data type to the BigInteger data type and now ensure that the value\n is in the permitted [0; 2^63).\n* Methods for adding/querying DATE tags now ensure the Date value is\n in the permitted range [0; 2^63) ms since Unix epoch.\n* Methods for adding tags throw an IllegalArgumentException if the tag\n type is unsuitable for the method. This is to ensure that tags with\n invalid values cannot be added through similar methods (e.g., INT tag\n added via an ENUM tag addition method invoked with a negative value).\n\nBug: 22008538\nChange-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e\n" }, { "commit": "4a0ff7ca984d29bd34b02e54441957cad65e8b53", "tree": "02e9eafdb05f423aa757bc2c94ad7ca6c323eae8", "parents": [ "f22030d1c59aca4f9ad2af7d4c4d646b0b619f27" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jun 09 13:25:20 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jun 10 14:50:55 2015 -0700" }, "message": "Android Keystore keys are no longer backed by Conscrypt.\n\nThis switches Android Keystore asymmetric keys from being backed by\nConscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE\nwhich talks to keystore via the old KeyStore API) to being backed by\nthe AndroidKeyStore Provider which talks to keystore via the new\nKeyStore API. In effect, this switches asymmetric crypto offered by\nAndroid Keystore from old Keystore API to new KeyStore API, enabling\nall the new features such as enforcement of authorizations on key use.\n\nSome algorithms offered by Android Keystore, such as RSA with OAEP\nor PSS padding schemes, are not supported by other providers. This\ncomplicates matters because Android Keystore only supports public key\noperations if the corresponding private key is in the keystore. Thus,\nAndroid Keystore can only offer these operations for its own public\nkeys only. This requires AndroidKeyStore to use its own subclasses of\nPublicKey everywhere. The ugliest place is where it needs to return\nits own subclass of X509Certificate only to be able to return its\nown subclass of PublicKey from Certificate.getPublicKey().\n\nBug: 18088752\nBug: 19284418\nBug: 20912868\nChange-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64\n" }, { "commit": "4350babc028822e8905190d88a9f5b8c6ffce8ec", "tree": "2225ba548ce55506a6a8e8a23fe7549ae7e4d60b", "parents": [ "e1f3214e72b63ed7cbe368005622055f80da0e0d" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jun 08 10:14:58 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jun 08 10:14:58 2015 -0700" }, "message": "Remove deprecated android.security.KeyStore methods.\n\n* delKey -\u003e delete\n* getPubkey -\u003e exportKey\n* saw -\u003e list.\n\nBug: 18088752\nChange-Id: Ifb794f91a42646d67da1340ee16765cbaf255a49\n" }, { "commit": "5c56f74527d4d5c8c92c95e7e47319d2324bdb4d", "tree": "9fb5a548cb2526bdd2f753f5cd387c0d8bb16126", "parents": [ "4913211dbe9f6dbbab75788976465eb2e4c46cd7", "0fe70813e03891a2fe0efdc16cd289d646205682" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jun 03 16:35:19 2015 +0000" }, "committer": { "name": "Android (Google) Code Review", "email": "android-gerrit@google.com", "time": "Wed Jun 03 16:35:21 2015 +0000" }, "message": "Merge \"Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAG\" into mnc-dev" }, { "commit": "0fe70813e03891a2fe0efdc16cd289d646205682", "tree": "77ef12fcbe96baed1d628785ffff9a10f8ddbdd2", "parents": [ "3aa33b3da04774d76e1a65b749667450dc81532b" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon Jun 01 13:06:45 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Jun 02 14:38:35 2015 -0700" }, "message": "Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAG\n\nChange-Id: I384f3d2fee2f68279c6518d9ac0a79e29bed0e52\n" }, { "commit": "966486e134c901ea61195b352fdd81476b3639b4", "tree": "5562d3bab21e3f33e4563ef85f4cc8f901e29d92", "parents": [ "e1c68765cf53473e710438f90e42e0cb26dffe1b" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Mon Jun 01 12:57:06 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Mon Jun 01 15:16:06 2015 -0700" }, "message": "Track changes to the keystore binder API\n\nOutput parameters are gone from begin, instead they will returned in the\nOperationResult and begin, update, and finish may return output\nparameters.\n\nChange-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8\n" }, { "commit": "7a882b5d8d64daaad9377ac7cb5c606aac8c4072", "tree": "13b394806ac4cadc35c4d376fdddae9656d1f8ad", "parents": [ "6a5f85080e1a3656fc9a4a22c71cf7bc1f9239de" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu May 07 11:31:32 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri May 15 11:27:23 2015 -0700" }, "message": "Fix testAuthNeeded test\n\nbegin now returns OP_AUTH_REQUIRED for per operations with per op\nauthorization instead of NO_ERROR.\n\n(cherry-picked from commit b0addbaaf22b14200db602c41a5bd86847bdc0a9)\n\nChange-Id: I1f472125f46155833e03ab30bf18363ff51b2c58\n" }, { "commit": "dcdaf87ed0aa99073638bcfe645949f130f0c7ad", "tree": "a377474c30c5da15f447653dacbe12e25699bf0b", "parents": [ "4ee67bc7a7bb84da1c92dc08427f9737ff8252d6" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed May 13 15:57:09 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed May 13 16:17:40 2015 -0700" }, "message": "Move Android Keystore impl to android.security.keystore.\n\nThis moves the non-public API classes backing Android Keystore from\nandroid.security to android.security.keystore, a package specially\ncreated for Android Keystore.\n\nBug: 18088752\nChange-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad\n" }, { "commit": "3f8d4d840894468f2be8a5b56ff266cef2d71c50", "tree": "a6c2457700b1ab3b9bf5207b79c44c8ee315c209", "parents": [ "b33455511b7b704e848c79c9e76e28abe2509178" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed May 13 09:15:00 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed May 13 12:49:58 2015 -0700" }, "message": "New AndroidKeyStore API in android.security.keystore.\n\nThis CL addresses the comments from API Council about Android KeyStore\nKeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:\n1. These abstractions should not take or hold references to Context.\n2. The Builders of these abstractions should take all mandatory\n parameters in their constructors rather than expose them as\n setters -- only optional paratemers should be exposed via setters.\n\nThese comments cannot be addressed without deprecation in the already\nlaunched KeyPairGeneratorSpec and KeyStoreParameter. Instead of\ndeprecating just the getContext methods and Builder constructors, this\nCL goes for the nuclear option of deprecating KeyPairGeneratorSpec and\nKeyStoreParameter as a whole and exposing all of the AndroidKeyStore\nAPI in the new package android.security.keystore. This enables this CL\nto correct all of the accrued design issues with KeyPairGeneratorSpec\n(e.g., naming of certificate-related methods) and KeyStoreParameter.\n\nThis also makes the transition to API Level M more clear for existing\nusers of the AndroidKeyStore API. These users will only have to deal\nwith the new always-mandatory parameters (e.g., purposes) and\nsometimes-mandatory (e.g., digests, block modes, paddings) if they\nswitch to the new API. Prior to this CL they would\u0027ve had to deal with\nthis if they invoked any of the new methods of KeyPairGeneratorSpec\nor KeyStoreParameter introduced in API Level M.\n\nThis CL rips out all the new API introduced into KeyPairGeneratorSpec\nand KeyStoreParameter classes for Android M, thus reverting these\nclasses to the API launched in L MR1. This is because the new API is\nnow in android.security.keystore.KeyGenParameterSpec and KeyProtection\nrespectively.\n\nBug: 21039983\nChange-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c\n" }, { "commit": "292102459b07188b72575260b693fa962654aa19", "tree": "156b507790332a793b3a40b246b136328945ad14", "parents": [ "0a775ce9801f03071d1e9bcc177d79e6fe350702" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon May 11 10:31:12 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Mon May 11 11:12:34 2015 -0700" }, "message": "Fix KeyStoreTest now that begin requires parameters.\n\nKeystore\u0027s begin operation now requires parameters which describe the\noperation (e.g., algorithm, block mode, padding). This adjusts\nKeyStoreTest to provide the necessary parameters.\n\n(cherry-picked from commit c5e4d7af22793072a2620805f5e0e23bf15e7110)\n\nBug: 19509156\nChange-Id: Ibc665fbc893766a683a4aadc97a64ffdf2d0d85f\n" }, { "commit": "a91a8504191d91d288c55821caa5bf00c9be26a2", "tree": "e7eece5120d2c08ca3321d58507d979eeca63e45", "parents": [ "1bc3c849ba5e9f23dd7e93012c4b5800b78c221b" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu May 07 10:02:22 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri May 08 11:11:43 2015 -0700" }, "message": "Cleanup keystore password changing and unlocking\n\nAdd KeyStore.onUserPasswordChanged for the lockscreen to call when\nthe user changes their password. Keystore will then handle the logic of\ndeleting keys. Instead of calling Keystore.password_uid for both\nunlocking and password changes the behavior has been split into\nKeystore.unlock and onUserPasswordChanged.\n\nChange-Id: I324914c00195d762cbaa8c63084e41fa796b7df8\n" }, { "commit": "6bf52c4271bd0483174fe3755caedb778693791e", "tree": "75d70d58aa834eab3351cacc178ffa306684d8d3", "parents": [ "0e29681f98dad8df9f772d86a848190138245f3d" ], "author": { "name": "Adam Langley", "email": "agl@google.com", "time": "Fri Apr 24 09:59:35 2015 -0700" }, "committer": { "name": "Adam Langley", "email": "agl@google.com", "time": "Fri Apr 24 10:00:45 2015 -0700" }, "message": "frameworks/base: switch to using NativeConstants.\n\nNativeCrypto is a conscrypt class that contained several OpenSSL\nconstants. NativeConstants is the new class that contains the same\nthing, but the latter is automatically generated and thus won\u0027t drift\nfrom the C headers.\n\nBug: 20521989\n\nChange-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc\n" }, { "commit": "67d21aef98bbafd0def2cacc6254e644e911c8dd", "tree": "a097193b974f69e53a2f6fa93b859a729289ff9b", "parents": [ "8704ae464a001e17275257d19eae688ff3a28892" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Apr 14 12:48:17 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Tue Apr 14 12:56:17 2015 -0700" }, "message": "Make specifying self-signed cert parameters optional.\n\nThis removes the need to specify the three parameters of the\nself-signed certificate (serial number, subject, validity range) when\ngenerating key pairs in AndroidKeyStore. This is achieved by\nproviding sensible defaults for these parameters:\n* serial number: 1\n* subject: CN\u003dfake\n* validity range: Jan 1 1970 to Jan 1 2048.\n\nBug: 18088752\nChange-Id: I5df918b1ef8b26ed3ddd43828c4c78c9fa58cd43\n" }, { "commit": "386c4e9ea976377d87950427472a593c22b1b205", "tree": "603d483f7cbe91a33a73ec680185045f5b5b313a", "parents": [ "97fce66f7d6c5803dfa49f7ab9a0d9e9b009082f", "6a5af8cf146aa1fd69449c1138c3e4008ac8b76b" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Apr 10 21:42:23 2015 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Apr 10 21:42:23 2015 +0000" }, "message": "Merge \"Fix testSaw_ungrantedUid_Bluetooth\"" }, { "commit": "6a5af8cf146aa1fd69449c1138c3e4008ac8b76b", "tree": "0c720b8a85482bb9f65e39afe6d812e1c072a8ca", "parents": [ "08d76a946b898af28f3c8125cdf4966195b718fb" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Apr 10 14:15:01 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Apr 10 14:15:17 2015 -0700" }, "message": "Fix testSaw_ungrantedUid_Bluetooth\n\nKeystore.saw returns [] on no result, not null, so the test was\nincorrectly failing.\n\nChange-Id: I22dcf85c5d6c5c0368848bc784c3215c092d9ea8\n" }, { "commit": "55f7c2770faade3543bebd833124f2f15c0f7455", "tree": "96d3f8600c4b0c80a845f87b684b94a9617a860d", "parents": [ "ba2836e6cf5a00855e470705741d9e4b9b1a9df9" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Apr 09 19:59:00 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Fri Apr 10 08:58:38 2015 -0700" }, "message": "Track more changes to keymaster_defs.h\n\nKeyStoreTest needed to be adjusted because OCB is no longer supported.\n\nBug: 18088752\nChange-Id: I7594daaa5e97423d34726b07cc79e3ee28418d95\n" }, { "commit": "ce7ad24b6337135fd7b6ed169bb5c517d044f041", "tree": "64ee72baf4989f176e6536d760e3a485ed4663ab", "parents": [ "63dde9c88d780fc16a4f2471e405b4f5dc35823c" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu Apr 02 14:41:37 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu Apr 02 14:41:37 2015 -0700" }, "message": "Mark all test keys as no auth required\n\nNow that auth token checks are in keystore keys without any auth tags\nare invalid.\n\nAlso adds a test to check that a key with auth required fails when none\nis present.\n\nChange-Id: I0d5d44d70a849978e9b2e809675b8343c6650ff2\n" }, { "commit": "dae79e540844741fc35c648efe8bbb00fc8ab781", "tree": "a8d91d5261c9f7eb48cbc2fdfe2729a41e28b8b3", "parents": [ "274a4ee3446e76a34a9cfe987e98f7bf4e53f78d" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Mar 27 14:28:35 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Mar 27 14:28:35 2015 -0700" }, "message": "Allow entropy to be provided to some operations\n\ngenerateKey and begin can now optionally take an array of bytes to add\nto the rng entropy of the device before the operation. If entropy is\nspecified and the device does not support add_rng_entropy or the call\nfails then that device will not be used, leading to fallback or error\ndepending on the situation.\n\nChange-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134\n" }, { "commit": "274a4ee3446e76a34a9cfe987e98f7bf4e53f78d", "tree": "72e5c4457d88fd48f17864be47ac0792bc9d58cc", "parents": [ "ee80414d0ddd6a27bbf86e0de47dd86bc335431d", "baf2838fd2c7ddf517bd5bd9917551a4706af5b6" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Fri Mar 27 19:21:12 2015 +0000" }, "committer": { "name": "Gerrit Code Review", "email": "noreply-gerritcodereview@google.com", "time": "Fri Mar 27 19:21:13 2015 +0000" }, "message": "Merge \"Symmetric key import for AndroidKeyStore.\"" }, { "commit": "baf2838fd2c7ddf517bd5bd9917551a4706af5b6", "tree": "a421eba5106cc2cd019c303d0b0c40383fb92494", "parents": [ "6326f964769c603382ee6694b33954b4ff9b9a52" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Mar 26 14:46:55 2015 -0700" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Thu Mar 26 15:37:15 2015 -0700" }, "message": "Symmetric key import for AndroidKeyStore.\n\nAES and HmacSHA256 symmetric keys can now be imported into\nAndroidKeyStore. These keys cannot yet be used.\n\nBug: 18088752\nChange-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c\n" }, { "commit": "9f47709f8bef8f3d67e7e17e69aee2d73b4ff9ed", "tree": "9b9895ec104ca76626db00c6a48303d03987ec7a", "parents": [ "5e73c0eec2bc77222a5a87fb2a135d8303836411" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Sun Mar 22 04:45:32 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Sun Mar 22 04:45:32 2015 -0700" }, "message": "Use correct tag type for RSA exponent\n\nChange-Id: I957c4469401953d2298751c655ca8e9f95b9511d\n" }, { "commit": "5e73c0eec2bc77222a5a87fb2a135d8303836411", "tree": "7985bec0fca7c1b717aad7c0d5e46d6d39f1ba2e", "parents": [ "38fcaf4037a50225b931551a48c898c7b0bb4db2" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Sat Mar 21 22:46:43 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Sat Mar 21 23:15:20 2015 -0700" }, "message": "Make application/client id an object\n\nHaving it as a raw byte[] caused issues in keystore because keymaster\nhandles a null blob differently than a blob with null contents. Make\nthis explicit in the API.\n\nChange-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b\n" }, { "commit": "003a55a6713fd4c1fe63ae5cdb478a11016f46b4", "tree": "8ce34dac13a3efc9fe0480a34f887d14c0a14269", "parents": [ "a4c4c575c793d3ba4847107b15ce3a9dd5395878" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Mar 20 14:03:49 2015 -0700" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Mar 20 14:03:49 2015 -0700" }, "message": "Specify public exponent for RSA\n\nKeymaster no longer adds a default value, so these tests were failing.\n\nChange-Id: I9c5a8d2552534db1d7fa77965b0d675acc3ccc0a\n" }, { "commit": "8827c8173281fea21325d88922471851e31200c4", "tree": "0cefd7ec7e7c34430dfbd76838e097ce2d093914", "parents": [ "6695b9920d15f8d9a17d6b0c66b863d1c2e38584" ], "author": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Thu Mar 05 10:32:30 2015 -0800" }, "committer": { "name": "Chad Brubaker", "email": "cbrubaker@google.com", "time": "Fri Mar 06 10:27:47 2015 -0800" }, "message": "Add initial Keymaster 1.0 tests\n\nChange-Id: I3b8ef583b71056b92a876fa47556771604dae121\n" }, { "commit": "cd2329dbfa5aef82c38ffa36a478bbaf5088af92", "tree": "801a25d5636d084cdbd8c5c8589a7676328e2038", "parents": [ "aa7a646eebb9b22d1421f8b09a09669bdb10d8b7" ], "author": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jan 14 16:45:51 2015 -0800" }, "committer": { "name": "Alex Klyubin", "email": "klyubin@google.com", "time": "Wed Jan 14 16:45:51 2015 -0800" }, "message": "Remove DSA support from Android KeyStore and KeyChain.\n\nWe\u0027re switching from OpenSSL to BoringSSL which does not support DSA.\n\nBug: 17409664\nChange-Id: Id9b52666ba9ef234076105c925610b5b312988a5\n" }, { "commit": "dc8bc1160cd97ca113636ca2b4adda21e031b5bd", "tree": "33b75101f66e635dcf0dec76176e2ea7c1ae1d49", "parents": [ "07ab0871eea8e307f412f3d7433016bff4c275aa" ], "author": { "name": "Shawn Willden", "email": "swillden@google.com", "time": "Thu Sep 11 16:08:44 2014 -0600" }, "committer": { "name": "Rom Lemarchand", "email": "romlem@google.com", "time": "Sun Sep 14 17:09:47 2014 +0000" }, "message": "Correct test data size in keystore signing and verification tests.\n\nThe test is sending too much data to be signed, which should actually\nfail, and does on Volantis. Apparently the other keymaster implementors\ndo something to pass it, because shamu and hammerhead pass, but the test\nis wrong.\n\nChange-Id: Ic616a551567d64f5d87d9607ceb08afa7be74f9d\n" }, { "commit": "f64386fc26efeb245fd90fabaa47b8c8bf9b4613", "tree": "7e153d67affdeaa259a932dfc89bf1e8ad154558", "parents": [ "6b34ab3f1aafc3143c71e342b7a9f5a6ddfeabb4" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Aug 16 14:03:29 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Aug 30 17:54:13 2013 -0700" }, "message": "Add support for DSA and ECDSA key types\n\nChange-Id: Ic6f029d66210052ce2f75d46102a100ac7db2b49\n" }, { "commit": "a920f25fe55fc9afc7640902a200f19ce278588b", "tree": "d248ebfca6085ff79f1a5cfb91a1778b4617ac82", "parents": [ "324993abed48843da1cb63063668147151e4db5c", "fca0f92e0a9c121dcf28fa783e884f1fb4993374" ], "author": { "name": "Elliott Hughes", "email": "enh@google.com", "time": "Fri Jun 28 16:41:19 2013 -0700" }, "committer": { "name": "Elliott Hughes", "email": "enh@google.com", "time": "Fri Jun 28 16:41:19 2013 -0700" }, "message": "resolved conflicts for merge of fca0f92e to stage-aosp-master\n\nChange-Id: I4791f0ffa324a313b8390fbde6d8f82f716ecf74\n" }, { "commit": "d396a448b2e36e29598c954b64bfddef73f3fae0", "tree": "c8851235188aa3e48f7069c8a6004e40b304d253", "parents": [ "5216f11e462b9f17704c0ac9e193d2149f3fa755" ], "author": { "name": "Elliott Hughes", "email": "enh@google.com", "time": "Fri Jun 28 16:24:48 2013 -0700" }, "committer": { "name": "Elliott Hughes", "email": "enh@google.com", "time": "Fri Jun 28 16:24:48 2013 -0700" }, "message": "Switch frameworks/base over from @hidden Charsets to public StandardCharsets.\n\nBug: 3484927\nChange-Id: I5d136d2ee629588538602766a182ae14ce5fc63c\n" }, { "commit": "e9ae6822a80cb1f3bd13c785f1727c03d35da52e", "tree": "b1458872d38a68b06c277276a3062bac0247509d", "parents": [ "be53f1806cf9f0ec69f785a0063227e0ed795eb8", "1f6e789b7ee9698ab8c528a393c28cce500ace04" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Apr 29 23:09:03 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Apr 29 23:09:03 2013 -0700" }, "message": "resolved conflicts for merge of 1f6e789b to jb-mr2-dev-plus-aosp\n\nChange-Id: I06c05d637613215b6d83df3e29cd495f6a5a0176\n" }, { "commit": "12e752225aa96888358294be0d725d499a1c9f03", "tree": "d716c7eedc50ccdf146aaca9b55fae969cf753ec", "parents": [ "28b1f0ee02e14241ffb81f431fc54053771c1c90" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Tue Apr 23 22:34:24 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Apr 29 15:15:27 2013 -0700" }, "message": "Track change to JSSE provider\n\nChange-Id: I35e824e47ad758ab6408e91e2ba5dcda053a82f5\n" }, { "commit": "1c219f619291ba818bc2542390a2988539d94ed0", "tree": "f9b17839a23ca3978cea2251767b4432d1d1f9a6", "parents": [ "a454c5732cacffdda53ae277b1e43d87b43044b1" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Apr 18 17:57:03 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Apr 18 18:34:58 2013 -0700" }, "message": "Rename API AndroidKey* -\u003e Key*\n\nBug: 8657552\nChange-Id: Id9102b7c2c2f6d27fba7645f0629750cfe1eb510\n" }, { "commit": "bf2147669e295384df17b50afc53a4d450b05bdd", "tree": "594236183b0a773b440972214b5dc1ddc62eada1", "parents": [ "6fb172b12eefeea4b565c616a4d0a8d1fb015217" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Apr 10 11:30:58 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@android.com", "time": "Mon Apr 15 19:33:15 2013 +0000" }, "message": "AndroidKeyStore: Add encrypted flag\n\nAdd the encrypted flag for the KeyPairGenerator and the KeyStore so that\napplications can choose to allow entries when there is no lockscreen.\n\n(partial cherry pick from commit 2eeda7286f3c7cb79f7eb71ae6464cad213d12a3)\n\nBug: 8122243\nChange-Id: I5ecd9251ec79ec53a3b68c0fff8dfba10873e36e\n" }, { "commit": "b2c0ff64d8ff92dab53e969a44fa12427d145952", "tree": "3b3139b4fd331e0ce65d245510d54c15ae3a03ae", "parents": [ "8692685a54f6bf87dadc82fbd5576cdb81ba662b" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Apr 12 17:36:25 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Apr 12 18:09:04 2013 -0700" }, "message": "Remove old KeyStore call sites\n\nRemove the call sites that don\u0027t have the flags specified. This is to\nensure that callers know what flags they\u0027re setting.\n\nBug: 8122243\nChange-Id: Ifbd178fddbf8dbd8f7b821ea739a20d056ef9fa7\n" }, { "commit": "2eeda7286f3c7cb79f7eb71ae6464cad213d12a3", "tree": "cf77426b72b1287ce66c230da7c67d2d5c8cdd8a", "parents": [ "a3788b00bb221e20abdd42f747d2af419e0a088c" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Apr 10 11:30:58 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Apr 12 15:19:48 2013 -0700" }, "message": "AndroidKeyStore: Add encrypted flag\n\nAdd the encrypted flag for the KeyPairGenerator and the KeyStore so that\napplications can choose to allow entries when there is no lockscreen.\n\nBug: 8122243\nChange-Id: Ia802afe965f2377ad3f282dab8c512388c705850\n" }, { "commit": "acb0b5b220b2cb15f5a800a356bb25f47252a6ea", "tree": "f5df06bd61e283f28dec8598115fc290fa3f75b1", "parents": [ "02c86306d2569d18a49da3d9228dacb25b1f8973" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Mar 28 15:05:03 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Mar 28 16:05:46 2013 -0700" }, "message": "AndroidKeyStore: add Builder for param spec\n\nChange-Id: I13403197e1ac7ac607efa10979eb73bde0135a2a\n" }, { "commit": "5f1d965f7d7e1df50981ffed8faa11fbcc17ca22", "tree": "b4449ba12d8e3da7e8c70edcd2b313f4798cd76c", "parents": [ "e4679750c538e982bb81f4eea2343e8bede3e118" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Mar 21 14:21:50 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Mar 21 14:24:19 2013 -0700" }, "message": "KeyStore: change migrate to duplicate\n\nAfter discussion, it was determined that duplicate would be less\ndisruptive and it still fit in the current HAL model.\n\nChange-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55\n" }, { "commit": "bd79419ef84ae31f3765721b50aa413fa462d1d1", "tree": "d2eb8242f5a770452d7100d38b6c273aac242134", "parents": [ "78ad849163a7b01073b46fbd7d818392720005d1" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Mar 20 11:36:50 2013 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Mar 20 11:57:46 2013 -0700" }, "message": "KeyStore: add \"migrate\" command\n\nTo support the WiFi service, we need to support migration from the\nsystem UID to the wifi UID. This adds a command to achieve the\nmigration.\n\nBug: 8122243\nChange-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1\n" }, { "commit": "78ad849163a7b01073b46fbd7d818392720005d1", "tree": "8b177dc6137d8264e6e1a288e726de2aab6f040a", "parents": [ "ebebb80b4a629756128b5a4fcf483133f01dbfd7" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Feb 13 17:02:57 2013 -0800" }, "committer": { "name": "Kenny Root", "email": "kroot@android.com", "time": "Wed Mar 20 16:50:06 2013 +0000" }, "message": "KeyStore: add API to uid versions\n\nIn previous commits, we added the ability to specify which UID we want to\ntarget on certain operations. This commit adds the ability to reach those\nbinder calls from the KeyStore class.\n\nAlso fix a problem where saw() was not reading all the values returned via\nthe Binder call. This changes the semantics to return a null instead of\nfailing silently when it\u0027s not possible to search.\n\nChange-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4\n" }, { "commit": "b9594ce9ebb3f5f303a280f04312ae5754ce3560", "tree": "c2d5554829d9dfce6c387a7a41a2218d5bd5f276", "parents": [ "37edbbc62fa031c75ce5a1298fdd07d981907e89" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Feb 14 10:18:38 2013 -0800" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Thu Feb 14 12:06:51 2013 -0800" }, "message": "KeyStore: stop using state()\n\nChange-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752\n" }, { "commit": "656f92f2c6fec008dd3131f6ec30a121b5b2a92e", "tree": "a97e794772576fa72827dcb7e265df83dfaf8b7e", "parents": [ "8b58c52bf4cc276165b1857eb4087eabde7b6477" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Feb 04 14:47:36 2013 -0800" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Feb 04 14:53:11 2013 -0800" }, "message": "AndroidKeyStore: add key wrapping test\n\nChange-Id: Ib21ab37d22689dd87f014eaa1f7919a575367cdd\n" }, { "commit": "8b58c52bf4cc276165b1857eb4087eabde7b6477", "tree": "448c4ff3315e2fc1a9c4d910c749eda002c7ce57", "parents": [ "ace72f6a37ffc232172346b3385494ef10195583" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Feb 04 14:47:23 2013 -0800" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Feb 04 14:52:23 2013 -0800" }, "message": "AndroidKeyStore: fix tests\n\nChange-Id: I65fd8ba27af57ea8fd27c8e08c9c1201f32c494d\n" }, { "commit": "58ed5d748c0b9b64845975ef5844ad313de7c3f6", "tree": "507af3879bc894eb854712a1fe6c0953805a895c", "parents": [ "9197d170b770f2b87abd0cd0e13dcf71e5a181c2", "768d9e1a72ceee7d4a5f608776b87b62d6ce4a04" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Nov 07 11:52:12 2012 -0800" }, "committer": { "name": "Android Git Automerger", "email": "android-git-automerger@android.com", "time": "Wed Nov 07 11:52:12 2012 -0800" }, "message": "am 768d9e1a: Merge \"Correct executable bit for source files\"\n\n* commit \u0027768d9e1a72ceee7d4a5f608776b87b62d6ce4a04\u0027:\n Correct executable bit for source files\n" }, { "commit": "3a084af2e90849aaa8beb3a610189e3399c63ea0", "tree": "ba4b87d227674fd68f9ea395649fde32778620f0", "parents": [ "9d547d6934f64189e368c0b190fb4cf49c95a557" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Nov 07 10:19:47 2012 -0800" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Nov 07 10:27:31 2012 -0800" }, "message": "Correct executable bit for source files\n\nMany media files and source code files were marked as executable in Git.\nRemove those.\n\nAlso a shell script and python script were not marked as executable.\n\nChange-Id: Ieb51bafb46c895a21d2e83696f5a901ba752b2c5\n" }, { "commit": "802768dd86c4e8a933dbfbac2e9f1a1daa5f93fa", "tree": "a90458054c943c102152dbc0c061a83d52c1c70c", "parents": [ "6479ecd1b24e9d5a5636130cb4b0c353b396ff0e" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Tue Aug 21 15:23:35 2012 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Aug 22 13:03:30 2012 -0700" }, "message": "Add ability to replace chain for PrivateKeyEntry\n\nFor the AndroidKeyStore API, allow entries to have their certificate\nchain replaced without destroying the underlying PrivateKey. Since\nentries are backed by unexportable private keys, requiring them to be\nsupplied again doesn\u0027t make sense and is impossible.\n\nChange-Id: I629ce2a625315c8d8020a082892650ac5eba22ae\n" }, { "commit": "db026710ec0adcf7f72dfb24c65d38a882ee26d8", "tree": "cff080fbecd17c5d6e6a60a7bc2adccbd6761b20", "parents": [ "e29df16cb57b69995df597e8a6d95d986c1c43fc" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Aug 20 10:48:46 2012 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Wed Aug 22 08:52:55 2012 -0700" }, "message": "Add KeyPairGenerator for Android keystore\n\nThis allows end-users to generate keys in the keystore without the\nprivate part of the key ever needing to leave the device. The generation\nprocess also generates a self-signed certificate.\n\nChange-Id: I114ffb8e0cbe3b1edaae7e69e8aa578cb835efc9\n" }, { "commit": "e29df16cb57b69995df597e8a6d95d986c1c43fc", "tree": "7cb7fb03ffff118dab968b483bb6d52270cf4ac9", "parents": [ "473c712b19bad992ab4eafcd43175fdce77b913d" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Aug 10 08:28:37 2012 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Aug 20 12:44:40 2012 -0700" }, "message": "Add AndroidKeyStore provider for KeyStore API\n\nThis introduces a public API for the Android keystore that is accessible\nvia java.security.KeyStore API. This allows programs to store\nPrivateKeyEntry and TrustedCertificateEntry items visible only to\nthemselves.\n\nFuture work should include:\n\n* Implement KeyStore.CallbackHandlerProtection parameter to allow the\n caller to request that the keystore daemon unlock itself via the\n system password input dialog.\n\n* Implement SecretKeyEntry once that support is in keystore daemon\n\nChange-Id: I382ffdf742d3f9f7647c5f5a429244a340b6bb0a\n" }, { "commit": "473c712b19bad992ab4eafcd43175fdce77b913d", "tree": "53695829e6276f1ab596ec873b63e3fa9ad2c491", "parents": [ "bc11e52cafa182996a338641c86bf3a07f571b1d" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Aug 17 21:13:48 2012 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Aug 20 09:48:41 2012 -0700" }, "message": "Add getmtime to Android KeyStore API\n\njava.security.KeyStore requires that you be able to get the creation\ndate for any given entry. We\u0027ll approximate that through using the mtime\nof the file in the keystore.\n\nChange-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f\n" }, { "commit": "96ad6cb080d0721a433d2bcb201f4a4582bf1caf", "tree": "1c74406ce7acaf2be1d06c2885cd50b62a8b7d85", "parents": [ "37548994e69292932e9e2fafb7cba6c53e3a2bcd" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Aug 10 12:39:15 2012 -0700" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Fri Aug 10 13:40:19 2012 -0700" }, "message": "Remove useless TestRunner\n\nInstrumentationTestRunner can enumerate the test cases to run without a\nspecial TestRunner.\n\nChange-Id: I5a49413440ef191f28a21034a318d9a9e3f8174b\n" }, { "commit": "2a5b147ec8fc1235af928042bdfb78170b18067b", "tree": "9420325372005ce5d2070402a0f99dcd04d85552", "parents": [ "4faeef378e9b82a4ad0fc1d4bb923af1a4f70e4e" ], "author": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Mon Jul 30 18:44:29 2012 -0700" }, "committer": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Wed Aug 01 15:44:52 2012 -0700" }, "message": "Change KeyStore to use Modified UTF-8 to match NativeCrypto\n\nBug: http://code.google.com/p/android/issues/detail?id\u003d35141\nBug: 6869713\n\nChange-Id: I61cb309786960072148ef97ea5afedb33dc45f4e\n" }, { "commit": "5ea68db37fd5ad4e0ddc0745b4347e86f17f78db", "tree": "9ff7f7392fa6a74f2304362f173092ec342dce99", "parents": [ "dfac68eacc60c130e54345d98bd45c99573cb627" ], "author": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Tue Jul 17 23:40:49 2012 -0700" }, "committer": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Fri Jul 27 22:41:42 2012 -0700" }, "message": "Improve test key names to reproduce public issue\n\nAlso fixes other unrelated test failures.\n\nBug: http://code.google.com/p/android/issues/detail?id\u003d34577\nBug: 6837950\n\n(cherry-picked from f4019af04a1fc4b16aa5972cbcbba703caa5d78d)\n\nChange-Id: I5b32b5ccac80f04a4d0fd6b21b8caa11e42995a7\n" }, { "commit": "5423e68d5dbe048ec6f042cce52a33f94184e9fb", "tree": "77d2cc39ea7f7a856d71d79233702af3dd71dccd", "parents": [ "b2e822fc2ac87703ac12d062add62408574cbf7c" ], "author": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Mon Nov 14 08:43:13 2011 -0800" }, "committer": { "name": "Kenny Root", "email": "kroot@google.com", "time": "Tue Mar 20 09:04:33 2012 -0700" }, "message": "Add signing to keystore\n\nChange the keystore to keep the private keys in keystore. When returned,\nit uses the OpenSSL representation of the key to allow users to use it\nin various operations through the OpenSSL ENGINE that connects to\nkeystore.\n\nChange-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735\n" }, { "commit": "bef5e5aabcb6ab440829f4418d1cbc268564eee0", "tree": "c2312f4e06065bec972b66f0ad292ca0fdca5fbc", "parents": [ "5106476bbf2a8e89b47e91d60e20fd38f7fa7e85" ], "author": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Mon Jun 27 17:22:02 2011 -0700" }, "committer": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Mon Jun 27 17:22:02 2011 -0700" }, "message": "Add KeyStoreTest.testGet\n\nNow that system user can read keystore, add KeyStoreTest.testGet and update other tests to use KeyStore.get\n\nChange-Id: I364866d52c2ecf550ff26aadc6e85126318889fa\n" }, { "commit": "5cfee3fabb3482c6a6df1c8b6f21e843cf214527", "tree": "c4190f1fa809eb1e5e7d028f21be510b2a5b3980", "parents": [ "9b4157935af9e44571187a9533c2cc9b413383bf" ], "author": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Tue May 31 01:00:15 2011 -0700" }, "committer": { "name": "Brian Carlstrom", "email": "bdc@google.com", "time": "Wed Jun 01 14:29:59 2011 -0700" }, "message": "Integrating keystore with keyguard (Part 1 of 4)\n\nSummary:\n\nframeworks/base\n keystore rewrite\n keyguard integration with keystore on keyguard entry or keyguard change\n KeyStore API simplification\n\npackages/apps/Settings\n Removed com.android.credentials.SET_PASSWORD intent support\n Added keyguard requirement for keystore use\n\npackages/apps/CertInstaller\n Tracking KeyStore API changes\n Fix for NPE in CertInstaller when certificate lacks basic constraints\n\npackages/apps/KeyChain\n Tracking KeyStore API changes\n\nDetails:\n\nframeworks/base\n\n Move keystore from C to C++ while rewriting password\n implementation. Removed global variables. Added many comments.\n\n\tcmds/keystore/Android.mk\n\tcmds/keystore/keystore.h\n\tcmds/keystore/keystore.c \u003d\u003e cmds/keystore/keystore.cpp\n\tcmds/keystore/keystore_cli.c \u003d\u003e cmds/keystore/keystore_cli.cpp\n\n Changed saveLockPattern and saveLockPassword to notify the keystore\n on changes so that the keystore master key can be reencrypted when\n the keyguard changes.\n\n\tcore/java/com/android/internal/widget/LockPatternUtils.java\n\n Changed unlock screens to pass values for keystore unlock or initialization\n\n\tpolicy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java\n\tpolicy/src/com/android/internal/policy/impl/PatternUnlockScreen.java\n\n KeyStore API changes\n - renamed test() to state(), which now return a State enum\n - made APIs with byte[] key arguments private\n - added new KeyStore.isEmpty used to determine if a keyguard is required\n\n\tkeystore/java/android/security/KeyStore.java\n\n In addition to tracking KeyStore API changes, added new testIsEmpty\n and improved some existing tests to validate expect values.\n\n\tkeystore/tests/src/android/security/KeyStoreTest.java\n\npackages/apps/Settings\n\n Removing com.android.credentials.SET_PASSWORD intent with the\n removal of the ability to set an explicit keystore password now\n that the keyguard value is used. Changed to ensure keyguard is\n enabled for keystore install or unlock. Cleaned up interwoven\n dialog handing into discrete dialog helper classes.\n\n\tAndroidManifest.xml\n\tsrc/com/android/settings/CredentialStorage.java\n\n Remove layout for entering new password\n\n\tres/layout/credentials_dialog.xml\n\n Remove enable credentials checkbox\n\n\tres/xml/security_settings_misc.xml\n\tsrc/com/android/settings/SecuritySettings.java\n\n Added ability to specify minimum quality key to ChooseLockGeneric\n Activity. Used by CredentialStorage, but could also be used by\n CryptKeeperSettings. Changed ChooseLockGeneric to understand\n minimum quality for keystore in addition to DPM and device\n encryption.\n\n\tsrc/com/android/settings/ChooseLockGeneric.java\n\n Changed to use getActivePasswordQuality from\n getKeyguardStoredPasswordQuality based on experience in\n CredentialStorage. Removed bogus class javadoc.\n\n\tsrc/com/android/settings/CryptKeeperSettings.java\n\n Tracking KeyStore API changes\n\n\tsrc/com/android/settings/vpn/VpnSettings.java\n\tsrc/com/android/settings/wifi/WifiSettings.java\n\n Removing now unused string resources\n\n\tres/values-af/strings.xml\n\tres/values-am/strings.xml\n\tres/values-ar/strings.xml\n\tres/values-bg/strings.xml\n\tres/values-ca/strings.xml\n\tres/values-cs/strings.xml\n\tres/values-da/strings.xml\n\tres/values-de/strings.xml\n\tres/values-el/strings.xml\n\tres/values-en-rGB/strings.xml\n\tres/values-es-rUS/strings.xml\n\tres/values-es/strings.xml\n\tres/values-fa/strings.xml\n\tres/values-fi/strings.xml\n\tres/values-fr/strings.xml\n\tres/values-hr/strings.xml\n\tres/values-hu/strings.xml\n\tres/values-in/strings.xml\n\tres/values-it/strings.xml\n\tres/values-iw/strings.xml\n\tres/values-ja/strings.xml\n\tres/values-ko/strings.xml\n\tres/values-lt/strings.xml\n\tres/values-lv/strings.xml\n\tres/values-ms/strings.xml\n\tres/values-nb/strings.xml\n\tres/values-nl/strings.xml\n\tres/values-pl/strings.xml\n\tres/values-pt-rPT/strings.xml\n\tres/values-pt/strings.xml\n\tres/values-rm/strings.xml\n\tres/values-ro/strings.xml\n\tres/values-ru/strings.xml\n\tres/values-sk/strings.xml\n\tres/values-sl/strings.xml\n\tres/values-sr/strings.xml\n\tres/values-sv/strings.xml\n\tres/values-sw/strings.xml\n\tres/values-th/strings.xml\n\tres/values-tl/strings.xml\n\tres/values-tr/strings.xml\n\tres/values-uk/strings.xml\n\tres/values-vi/strings.xml\n\tres/values-zh-rCN/strings.xml\n\tres/values-zh-rTW/strings.xml\n\tres/values-zu/strings.xml\n\tres/values/strings.xml\n\npackages/apps/CertInstaller\n\n Tracking KeyStore API changes\n\tsrc/com/android/certinstaller/CertInstaller.java\n\n Fix for NPE in CertInstaller when certificate lacks basic constraints\n\tsrc/com/android/certinstaller/CredentialHelper.java\n\npackages/apps/KeyChain\n\n Tracking KeyStore API changes\n\tsrc/com/android/keychain/KeyChainActivity.java\n\tsrc/com/android/keychain/KeyChainService.java\n\tsupport/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl\n\tsupport/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java\n\ttests/src/com/android/keychain/tests/KeyChainServiceTest.java\n\nChange-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d\n" }, { "commit": "34c47c855815d731e6deb55748ff690b0ec7b53f", "tree": "3e6a6668f093bcf88bba3bb6c8e4438a212ceea8", "parents": [ "15b3287994b92bb9bff10e65a56bc8a663d0e05d" ], "author": { "name": "Nick Kralevich", "email": "nnk@google.com", "time": "Tue Mar 09 13:28:14 2010 -0800" }, "committer": { "name": "Nick Kralevich", "email": "nnk@google.com", "time": "Wed Mar 10 11:25:53 2010 -0800" }, "message": "Don\u0027t rely on the system locale for converting to/from bytes.\n\nBy default, when java converts Strings to bytes, it uses the\ndefault system locale. This can be specified by the -Dfile.encoding\noption. If no file encoding is specified, java uses ISO8859_1.\n\nUnfortunately, not all unicode characters can be mapped to\nISO8859_1. Unmappable characters may be replaced by a byte\nwithin ISO8859_1, which may change the meaning of the String.\nThis is especially problematic for password strings, and has\nbeen used to compromise the security of passwords in the\npast.\n\nThankfully, Android uses UTF-8 by default, so this bug doesn\u0027t\neffect Android devices. However, it\u0027s recommended to explicitly\nlist the character set when converting to/from bytes to\navoid the potential ambiguity.\n\nChange-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8\n" }, { "commit": "64ef1ce9368985932f4cc7a06b3af585394c5cc6", "tree": "cc29959241a730bee5dd0faa42fe400439e051aa", "parents": [ "cdc045dd6da3db8d4ba83560a1bbe27c2ef1e5b2" ], "author": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Tue Feb 09 15:48:03 2010 -0800" }, "committer": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Tue Feb 09 15:48:03 2010 -0800" }, "message": "Fix for bug 2427961\tandroid.security.tests.SystemKeyStoreTest:testBasicAccess is failing.\nFixed issues in test.\n" }, { "commit": "d02546b4151214abb2db1c88bf7debfc70bd2421", "tree": "706596caff37b2f9ba6c04da64bf3b98172da00e", "parents": [ "851b2e75e600a7e3f557b46c4c48c11da025d1f4" ], "author": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Thu Jan 14 16:38:40 2010 -0800" }, "committer": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Fri Jan 15 15:08:06 2010 -0800" }, "message": "Apps on SD card.\nAdded support for retrieving and generating keys as Hex Strings.\nUsing keys to mount encrypted FS.\n" }, { "commit": "b62e8132df0d19a39a700324475b3df2de78e0b0", "tree": "e5679e990fc995de73fc2c35dd03082c0efd7ebb", "parents": [ "013b9c249dbcb5ca293c5cfe6a0e7908ced32418" ], "author": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Thu Jan 14 16:38:40 2010 -0800" }, "committer": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Fri Jan 15 11:16:31 2010 -0800" }, "message": "Apps on SD card.\nAdded support for retrieving and generating keys as Hex Strings.\n" }, { "commit": "8da98e30d8b2ae6e203f769dab0d6ec34cab3011", "tree": "16dcc138f20b9880b4eff88eb4f47743c29b683f", "parents": [ "5e3f6caeb08c54fb79f427a528e084711652bbdb" ], "author": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Wed Jan 06 11:35:59 2010 -0800" }, "committer": { "name": "Oscar Montemayor", "email": "oam@google.com", "time": "Wed Jan 06 16:23:57 2010 -0800" }, "message": "Apps on SD card project.\nA simple keystore to store system-only key material, by leveraging file system access permissions.\n" }, { "commit": "f35e9663d7bdae523953185b4ad6b6f9e8e7d6ca", "tree": "ea3c0019085dceed51740c940a2b33b14c5e6f3a", "parents": [ "1a3c8950394b98f6f354456830208d70e87b8bb6" ], "author": { "name": "Chung-yih Wang", "email": "cywang@google.com", "time": "Tue Sep 29 11:20:28 2009 +0800" }, "committer": { "name": "Chung-yih Wang", "email": "cywang@google.com", "time": "Tue Sep 29 15:20:24 2009 +0800" }, "message": "Add unit test for the new keystore.\n\nSince we need to test the keystore with user system in order to test\nthe reset(), password(), lock() and unlock(), we have to take advantage\nof the ActivityUnitTestCase to run the test with the user \u0027system\u0027.\n" } ] }