Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit 95b60a0f41.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I2893c23ab173ff5c39085d56b555e54770900cbc
Keymaster clients need to see all the available devices and figure out
which they want to use. This method finds them all and returns them
in a vector sorted from most secure to least, according to a heuristic
defined in Keymaster::VersionResult::operator<
This CL also makes a few other minor improvements to the support
library, providing more information in VersionResult and adding some
more convenience methods in AuthorizationSetBuilder.
Test: Build & boot
Change-Id: I876238ee9ff72573c30d60e1cec665dd610bcde6
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: go/asym-write-test-plan
Bug: 67752510
Change-Id: I466dfad3e2e515c43e68f08e0ec6163e0e86b933
Previous CLs to move keymaster wrappers broke the build (but somehow
not in my tree, nor in TreeHugger's build).
Test: Build
Change-Id: I0494e1e38ee7e8806f3758d533b6b1e3a6c576d1
This wrapper was used to manage KM3/KM4 compatibility in keystore.
It's also needed in vold, so this CL moves it here, to make it usable
for vold.
Test: keystore CTS tests
Change-Id: I8079b8577f7d4a8fd67f47fbe1f48861e4a0734b
Removing whenever I see these in code reviews.
Test: none
Merged-In: I4322f533a837d55618ec2ed2125e8966ace9d61d
Change-Id: I4322f533a837d55618ec2ed2125e8966ace9d61d
This CL merely duplicates all of the Keymaster V3.0 functionality and
VTS tests, and provides a pure software implementation of the 4.0 HAL,
which passes the VTS tests. Future CLs will remove some cruft and
unused features, then add new features and accompanying tests.
Note that the reason that this is V4.0 rather than V3.1 is because V4.0
will not be fully backward compatible with V3.0. Specifically, V4.0
will allow for "StrongBox" implementations, which will only provide a
subset of Keymaster functionality. StrongBox versions of Keymaster will
be implemented in discrete, special-purpose hardware which will
generally be much less powerful (slower, less RAM, etc.) than is needed
to support a full Keymaster implementation.
So, while the V4.0 interface will be a strict superset of the V3.0
interface, which could normally be best implemented as an extension, it
will allow StrongBox implementations which are unable to pass the V3.0
test suite, which means that it will not be true that a V4.0
impementation IS-A V3.0 implementation, as would be expected of a V3.1
implementation. The V4.0 test suite will distinguish between StrongBox
and non-StrongBox implementations and enforce appropriately-reduced
requirements on the former.
In addition to the duplication, 4.0 also cleans up some cruft from 3.0:
- Removes tags and types which were in previous versions but never
used;
- Removes support for wrapping pre-Treble keymaster HALs with KM4,
since they'll only be wrapped by the default KM3 implementation;
- Renames the ROLLBACK_RESISTANT tag to ROLLBACK_RESISTANCE and
defines new semantics for it;
- Changes auth token handling to use the HardwareAuthToken struct
passed in as an explicit argument to the relevant methods,
rather than an opaque byte vector provided as a KeyParameter;
- Updates the VTS tests to use a gtest "environment" for better
integration with VTS test infrastructure;
- Adds a test for upgradeKey.
- Makes comment formatting more consistent, including using the
correct two-space typographical convention to separate sentences.
Bug: 63931634
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I3f01a4991beaa5c4332f72c91e8878a3bf0dec67
Remove self from test ownership and transfer to new owners as agreed.
Test: none
Bug: 69425312
Change-Id: I8b189e6f2d7076b9ee7f3bad91445ccf6c5e1767
Merged-In: I8b189e6f2d7076b9ee7f3bad91445ccf6c5e1767
OpenSSL changes error code of large RSA data from
KM_ERROR_INVALID_INPUT_LENGTH to KM_ERROR_INVALID_ARGUMENT which causes
HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and
HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge tests failed.
Fix keymaster VTS to accept both the error codes.
Bug: 68289922
Test: HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and
HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLargeHidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge
and HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge are
passed after applying this modification and other Keymaster 3.0
VTS test cases are not affected.
Change-Id: I493bfa1c6e4b69560dfae3585a416b5c3d33e215
Failed cases:
AttestationTest.RsaAttestation
AttestationTest.EcAttestation
Analysis:
The verify_attestation_record() in Keymaster_hidl_hal_test.cpp calls
parse_attestation_record() to set the value of att_challenge. It fails
to compare att_challenge with challenge by memcmp.
Because setToExternal() method uses buffer pointer to local variable
(record), not use memcpy to copy into itself buffer in
parse_attestation_record(). When it leaves the parse_attestation_record(),
we will get the att_challenge which is null buffer to compare with challenge
incorrectly.
Fix: use memcpy to copy the buffer.
Bug: 65039571
Test: build passed. VtsHalKeymasterV3_0Target -> PASSED: 106, FAILED: 0.
Change-Id: I700a9242cc9a5f4cb196b62860823601e4088531
KM0 supports only asymmetric encryption. And for those we cannot
distinguish between imported and generated keys.
This patch adds correct handling for KM0 origin tags.
Test: run vts test with wrapped km0 module from
system/security/softkeymaster
Bug: 67358942
Bug: 67363396
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I7f5ddd21dde284dbfbd68b3b83fb75c1457dbd59
Some RSA operation tests expect ErrorCode::INVALID_ARGUMENT
and others ErrorCode::INVALID_INPUT_LENGTH for the same
diagnosed syndrome, i.e., the input message was too long.
This patch relaxes the expectations on one of these tests
expecting ErrorCode::INVALID_INPUT_LENGTH, to also accept the
more consistent ErrorCode::INVALID_ARGUMENT.
Bug: 67358942
Bug: 67359132
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I573d3a01b052f0256611064f23ae791007cf7122
This patch adds swillden@ and jdanis@ as owners of keymaster/3.0/vts
and keymaster/3.0/default.
Test: No code changed
Change-Id: I04bc0f741e8fafd53aee7c9dd62954548b81263d
To prevent property name collisions between properties of system and
vendor, 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.
Test: succeeded building and tested on a walleye device
Bug: 36796459
Change-Id: I4e8fbee791ec917a8f627a1366f4d44ec7e6febc
This test now statically links to libs not guaranteed to be on the
device.
Bug: 64040096
Test: vts-tradefed run commandAndExit vts --skip-all-system-status-check
--skip-preconditions --module VtsHalKeymasterV3_0Target
Change-Id: I6a7b8c116153f18f61a71e5b5bef98343a4de43b
Update the Android.bp generated with hidl-gen.
Test: build with and without BOARD_VNDK_VERSION=current
Bug: 63866913
Change-Id: I1a9db1df49e0f13c5790da2b118ae9ec63ba34a7
Allow HAL definition libs to be static.
Bug: 32920003
Bug: 64040096
Test: update-all-google-makefiles.sh
Change-Id: I1483d572bea6799717d1614fb7d52fe225e31104
A pair of tests that send corrupted data to keymaster were disabled
because they cause a reboot on Angler and Bullhead. Because VTS is not
being run on those devices, I'm enabling them.
Separately, I'm going to get this bug triaged as a security
vulnerability, which may result in a fix being forthcoming. As a simple
functional defect, the vendor refused to fix the old devices.
Bug: 33385206
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: I3bdea4e9756d3f77d54de09fd7ed2de04edeb1fd
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.
Merged-In: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.
Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
Support for 256 bit RSA keys are not mandated by keymaster specs and
must not be used in the VTS tests.
Bug: 62581389
Change-Id: If315088db2752ac2efe31fdb95db7ca13c3ce225
The attestation version cannot be infered from the keymaster version
because we provide software attestation for legacy keymaster 1 keys.
This patch changes the attestation test to expect either attestation
version 1 or 2.
Bug: 37351644
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I4db83a543db20191d288b2ca8308aa6597cd8e22
DeleteKey may legitimately return ErrorCode::UNIMPLEMENTED rather than
ErrorCode::OK, but the VTS test didn't allow that in all cases. In many
case the return code was also left unchecked.
Test: adb shell/data/nativetest64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Bug: 62193967
Change-Id: I19a90a87850675b0700baf7409e57098e0584d54
Fix a build breakage by renaming libkeymaster to
libkeymaster_staging. fugu's vendor tree already had
a libkeymaster.so which masked system/keymaster/libkeymaster.
Bug: 37997750
Change-Id: Ie478726bf81e965be64fb913844b881064e9b66c
libkeyamster1 was split into libkeymaster and
libkeymaster_portable.
Also removed UniquePtr usage from keymaster hal.
Bug: 37467707
Test: keymaster vts test and keystore cts test
Change-Id: Ic660586d3d9cfd20022a9c694f276da89e796e5d
android.hidl.base@1.0 and android.hidl.manager@1.0 are built into libhidltransport.
Test: links
Bug: 33276472
Merged-In: I08aaad80f7e2fc262aa3a8b66fe932e8133a928d
Change-Id: I08aaad80f7e2fc262aa3a8b66fe932e8133a928d
android.hidl.base@1.0 and android.hidl.manager@1.0 are built into libhidltransport.
Test: links
Bug: 33276472
Change-Id: I08aaad80f7e2fc262aa3a8b66fe932e8133a928d
libkeyamster1 was split into libkeymaster and
libkeymaster_portable.
Test: keymaster vts test and keystore cts test
Change-Id: Ia117199f07f6d55d35b2ae781ebab62386006474
Keymaster 3.0 VTS test required that deleteKey returns
ErrorCode::OK even if the key blob parameter is invalid or garbage.
The rationale is that deleteKey shall have the invariant that
key blobs are unusable after the deleteKey call. If it was unusable
before, this invariant is upheld.
This patch makes the legacy wrapper for the Keymaster HAL translate
an ErrorCode::INVALID_KEY_BLOB retuned by the legacy delete_key to
ErrorCode::OK.
Bug: 37351644
Test: Manually run VtsHalKeymasterV3_0TargetTest with legacy keymaster
HAL installed (tested with sailfish)
Change-Id: Ib22c8b8e10334770a1d4a5570acf16c2c52a6c60
This is a follow-up to change I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c,
where manufacturer and model were added to the set of attestable device
IDs.
Bug: 37522655
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: Ied4246f4fc490feb2093f04c268aab83c8e1326d
The keymaster service is required by vold which starts very early
during boot up. This leads to the dependency loop:
init->installkey->vdc->vold->keymaster-service->init
This patch resolves this issue by adding service keymaster to the class
early-hal which will get started right after hwservicemanager on devices
that get treble.
Bug: 35764921
Test: Device boots. And lshal shows that service keymaster has two
clients, keystore and vold.
Change-Id: Id0b6722de900b5513d46adb81d76b02fa6e155df
The tests added verify that a generated key is no longer usable
after it was
- explicictely deleted with deleteKey, or
- all keys where deleted with deleteAllKeys.
Bug: 32022681
Test: make vts -j30 BUILD_GOOGLE_VTS=true TARGET_PRODUCT=aosp_arm64 &&
vts-tradefed run commandAndExit vts --skip-all-system-status-check
--primary-abi-only --skip-preconditions
--module VtsHalKeymasterV3_0TargetTest -l INFO
Change-Id: I172ee5d3ccf1850c3c92d3a1a9e991f46b07a0e3
Note: Recent Google devices have keymaster implementations that don't
pass this test suite. See https://goo.gl/6hsGwa for a summary.
Bug: 32022681
Test: This is the test suite.
Change-Id: Ib200b68e0c7844df02eb9f086385d6c36e306d45
Auth tokens have an unfortunate dual character. To most of the system
they are opaque blobs that are intended only to be obtained from one
HAL (e.g. gatekeeper or fingerprint) and passed to another
HAL (keymaster), but keystore actually needs to extract some bits of
information from them in order to determine which of the available blobs
should be provided for a given keymaster key operation.
This CL adds a method that resolves this dual nature by moving the
responsibility of parsing blobs to the HAL so that no component of the
framework has to make any assumptions about their content and all can
treat them as fully opaque. This still means that the various HAL
implementers have to agree on content, but they also have to agree on an
HMAC key which much be securely distributed to all at every boot, so
asking them to agree on an auth token format is perfectly
acceptable. But now the Android system doesn't have to care about the
format.
Bug: 32962548
Test: CTS tests pass, plus manual testing.
Change-Id: I78aa6e4ea9c5d8f34906b0969909387e2c5894e6
This is needed to support the keystore statistics gathering initiative.
It will allow us to get information about what kinds of keymaster
implementations exist in the ecosystem, and which ones fail in which
ways.
Bug: 36549319
Test: Will add to VTS tests
Change-Id: I49ee4623656060d69a6de7723b11cd715150451a
delete_key is optional and may not be implemented by
a legacy hal. So the function pointer must be checked for
nullptr prior to being used.
Bug: 36500704
Test: run VTS tests with legacy hal that does not implement delete_key
Change-Id: Ie51dd173314826ef260319153c7df96d88b8a42f
Discussions have shown that in addition to brand, device and product,
we should also allow devices to attest their manufacturer and model.
Bug: 36433192
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c
The getService() and registerAsService() methods of interface objects
now have default parameters of "default" for the service name. HALs
will not have to use any service name unless they want to register
more than one service.
Test: marlin boots
Bug: 33844934
Change-Id: I6533e4fe0e63e2d0b0158148f5e438bb4b6b5886
KeyStore.generateKey() takes an entropy parameter. This is optional
and can be null. That is how KeyStore used to work but a recent
refactor made us always feed the entropy to keymaster, even if it
is empty (null or byte[0] on the Java side). This CL makes us ignore
such empty entropy again.
We only noticed this because a recently added GTS test that happens
to set the entropy to null is failing on some hardware (other
keymaster implementations silently ignore this invalid attempt to
set entropy).
Bug: 35156555
Test: gts-tradefed run gts --module GtsGmscoreHostTestCases
--test com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: Iadaf40e69350c17dd18e4dc2a1dab97fa911e1bf
We need google shims on the vendor partition because they are providing
an implementation of a vendor defined interface. They were written by
google just as a courtesy/to make the transition easier. They're
basically a set for vendors to assemble their hal implementations
from.
Bug: 34135607
Test: marlin persist.hal.binderization on/off
Change-Id: I2e2af5af39264cf290259755bb9b2eb9827a21f5
This adds device id attestation to the Keymaster 3.0 HAL. Device
id attestation must only be offered if the device can permanently
destroy device ids on request. The default implementation cannot
do this because it lacks storage that would survive device wipes.
Hence, the implementation refuses all device id attestation requests.
Bug: 34597337
Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest
Change-Id: I6ff6146fad4656b8e1367650de922124b3d7f7b2
Threadpool can now be configured/joined if needed with
configureRpcThreadpool() / joinRpcThreadpool().
Bug: 31226656
Test: mma
Change-Id: I0d7d9924cc8c8851cc2b61ebdae906204909890e
The default implementation loads the device's legacy keymaster hal
and wraps in a softkeymasterdevice if the capabilities of the
device is less than keymaster 2.
Test: builds
Bug: 32020919
Change-Id: Ia7e274673b77c2712c386d573715ed3725b0c158
