Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / a3788b00bb221e20abdd42f747d2af419e0a088c^! / . / keystore / java / android / security / KeyStore.java
commita3788b00bb221e20abdd42f747d2af419e0a088c[log] [tgz]
authorKenny Root <kroot@google.com>Wed Apr 10 10:37:55 2013 -0700
committerKenny Root <kroot@google.com>Wed Apr 10 23:36:13 2013 -0700
tree227a48273035bfbf5f7d1beb53a43c1340bb7418
parentf8a67f4f5dd4c5499a6e7148331f0286e31203ec [diff] [blame]
keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

Bug: 8122243
Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608

diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 852f0bb..309d3d3 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java

@@ -40,6 +40,9 @@
     public static final int UNDEFINED_ACTION = 9;
     public static final int WRONG_PASSWORD = 10;
 
+    // Flags for "put" and "import"
+    public static final int FLAG_ENCRYPTED = 1;
+
     // States
     public enum State { UNLOCKED, LOCKED, UNINITIALIZED };
 
@@ -87,15 +90,19 @@
         }
     }
 
-    public boolean put(String key, byte[] value, int uid) {
+    public boolean put(String key, byte[] value, int uid, int flags) {
         try {
-            return mBinder.insert(key, value, uid) == NO_ERROR;
+            return mBinder.insert(key, value, uid, flags) == NO_ERROR;
         } catch (RemoteException e) {
             Log.w(TAG, "Cannot connect to keystore", e);
             return false;
         }
     }
 
+    public boolean put(String key, byte[] value, int uid) {
+        return put(key, value, uid, FLAG_ENCRYPTED);
+    }
+
     public boolean put(String key, byte[] value) {
         return put(key, value, -1);
     }
@@ -185,28 +192,36 @@
         }
     }
 
-    public boolean generate(String key, int uid) {
+    public boolean generate(String key, int uid, int flags) {
         try {
-            return mBinder.generate(key, uid) == NO_ERROR;
+            return mBinder.generate(key, uid, flags) == NO_ERROR;
         } catch (RemoteException e) {
             Log.w(TAG, "Cannot connect to keystore", e);
             return false;
         }
     }
 
+    public boolean generate(String key, int uid) {
+        return generate(key, uid, FLAG_ENCRYPTED);
+    }
+
     public boolean generate(String key) {
         return generate(key, -1);
     }
 
-    public boolean importKey(String keyName, byte[] key, int uid) {
+    public boolean importKey(String keyName, byte[] key, int uid, int flags) {
         try {
-            return mBinder.import_key(keyName, key, uid) == NO_ERROR;
+            return mBinder.import_key(keyName, key, uid, flags) == NO_ERROR;
         } catch (RemoteException e) {
             Log.w(TAG, "Cannot connect to keystore", e);
             return false;
         }
     }
 
+    public boolean importKey(String keyName, byte[] key, int uid) {
+        return importKey(keyName, key, uid, FLAG_ENCRYPTED);
+    }
+
     public boolean importKey(String keyName, byte[] key) {
         return importKey(keyName, key, -1);
     }