This cleanly separates out the underlying C++ code and allows clients
to depend only on the safe wrapper.
Test: keystore2_crypto_test
Test: keystore2_crypto_test_rust
Change-Id: I730ebe22ac66287a5650a36b7aeb61c69172e0f8
Since Android R, Parcel provides read/write methods for "@nullable"
values using std::optional.
Bug: 149784838
Test: m
Change-Id: I343841e690ed2d00548bb2ad623e07fa26823214
This patch adds a key id lock. load_key_entry now returns a key id
guard, and database operations, that manipulate key entries require
a valid guard. This is mainly used to make upgrading the key blob
atomic.
This patch also adds key upgrade to wrapped key import and adds a helper
function, that hides the upgrade-required-retry logic.
Test: keystore2_test
Change-Id: I3f816817c731b89acb651b7d9a5fcacdd46c567f
We are using SecurityLevel, KeyParameter, and HardwareAuthenticatorType
from the KeyMint spec now, instead of defining our own versions of these
types.
Test: keystore2_test
Change-Id: I0080382cb3619f7153ea3a6e49bb7b5f4b23f15b
There was a bug by which we could end up spinning in an endless loop in
the case where finalized operations were still considered for pruning.
We try to check the outcome of an operation and refrain from considering
it for pruning if it is confirmed finalized and awaiting garbage
collection.
We also made a tweak to the pruning strategy, that allows clients to
cannibalize their own operations if no other slot can be found. This is
catering to the Java Keystore SPI which has no synchronous way of
aborting an operation. The CTS test actually spawns many operations that
it does not intend to finalize. It simply drops the corresponding crypto
object, which then might linger until the garbage collector decides to
clean up.
Test: Cts test passes without throwing backend busy exceptions.
Change-Id: I05ee231d22877a166107e5d02c88501d0fb6bf13
We now store key parameters in the database and returns sets of
authorizations to the keystore client's.
We also switched to mostly using the SecurityLevel type from the KeyMint
AIDL spec, rather then the temporary one from the Keystore 2.0 AIDL
spec.
Test: This enables some of the CTS test e.g. from
atest android.keystore.cts.CipherTest
Change-Id: I0a13063b397a5ad835fecea0e6b44a98845c05be
This patch adjusts keystore2 to use rust bindings generated from the
KeyMint AIDL spec instead of using pregenerated bindings.
Bug: 160623310
Test: keystore2_test
Change-Id: I77bb0426991381535f9dbe4f32e7e137a8eb7df3
This patch adds code for certificate generation with boringssl.
This is required for the Keymaster to KeyMint legacy wrapper.
Bug: 171351607
Test: keystore2_crypto_test
Change-Id: Id2d35be04cb5ab8c4e6b0597f5a970150ab9e69b
This module uses a name that conflicts with the about
to land keymint AIDL spec. This patch renames this
temporary module to allow the keymint spec to land.
Test: Still compiles.
Change-Id: I4aa9a2fb125b2111f778e0182615ab29d2c9fe85
Add C++ versions of the BoringSSL crypto functions we need (copied
from keystore) and create Rust wrappers for them.
Test: atest keystore2_test
Change-Id: I21ff8630df26ca73ae36395c5303270e96a6deb6
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to remove
from the unsupported list.
Bug: 170729553
Test: Treehugger
Change-Id: I54fce50d3fb9d3ba02eae312c478bac419a46ede
This patch makes the keystore2 daemon start conditionally based on the
platform property ro.android.system.keystore2.enable.
This is patch can be reverted when the Keystore 2.0 migration is
complete. b/171563717
Bug: 171563717
Bug: 171305684
Test: The keystore2 daemon is running if the property
ro.android.system.keystore2.enable is set and true
and not running otherwise.
Change-Id: I2b3d6c70f45f3dafb9edb6f2f6960be94e13ed20
This patch adds a boilerplate Keystore 2.0 service. It is configured to
run on the device but does not provide any useful service yet.
It provides basic functionality for generating, importing and using
keys, but it still lacks full Keystore functionality.
Test: VtsKeystore2V1_0TargetTest (in followup CL)
Bug: 160623310
Bug: 160930114
Bug: 160930117
Bug: 160930331
Bug: 159465122
Change-Id: I7dfa2f2f63f4da3af620aff2ec99c0cba3bda6fd
These two files add some utility functions and a thread local reference
to a database connection.
Test: None
Change-Id: I34fdf977deb233571b9a0c6d50da20e47593d6a5
The aidl to rust generator now generates tuple structs with associated
constants as variants. This patch adjusts the existing Keystore 2.0
codebase to this change.
In the process one more variant was added to the
implement_key_parameter_conversion_to_from_wire! macro and the
indentation was fixed.
Test: keystore2_test
Change-Id: I2639c76d4da7401f6799180e1bfcb3e420341628
Remove pregenerated file android_security_keystore2.rs and
reconfigure the build to use the generated target
android.security.keystore2-rust instead.
Test: keystore2_test
Change-Id: Iad24cab05ef35ccc766f7342225d4b79e8051ada
This CL provides the fix for the issue reported in b/169959923.
Bug: 169959923
Test: tested using statsd_testdrive script.
Change-Id: I3fe42e85abd0976782795ad4fa13a804702624d6
The list permission is special keystore2 permission that allows
callers to list arbitrary namespaces. It is not a key or namespace
specific permission.
Ignore-AOSP-First: This needs to land in googleplex first to updated
prebuilt vendor images. Otherwise it breaks
aosp-with-phone builds.
Test: N/A
Change-Id: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
The list permission is special keystore2 permission that allows
callers to list arbitrary namespaces. It is not a key or namespace
specific permission.
Test: N/A
Merged-In: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
Change-Id: Ie0a29d8b08c53977ae2ed04d042868044d2c34c5
For communicating with keymint and SPI.
This CL also moves all test modules to the bottom of the file.
Bug: 167744352
Test: Unit tests
Change-Id: I085dbe68076ba361c4d89f63de87c3b2f05627bc
