In https://android-review.googlesource.com/c/platform/system/security/+/1698833
we added a check only for client keys. However, this means that on application
deletion only the keystore keys related to the application are unbound and the
attestation keys get orphaned.
Through this change, I am planning to unbind the attestation keys related to
the application as well.
Change-Id: I1c9d1ac6d6943cc53f5d74653e3da72cd4f2adf7
Test: atest keystore2_test
BUG: 232534682
Revert submission 2101265-b/233338216
Reason for revert: Breaks tests: b/233588299
Reverted Changes:
I6f7a61ee3:Fix encoding of PubKeyEd25519
I544d9086f:Verify that the VM-generated BCC is valid
Change-Id: Ifb93514c1bef186d82f7b8ce3eb175655514b79b
- Forced operation creation with all slots filled with normal operations
- Forced operation creation with all slots filled with forced operations
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I493ea1c25d09597c44add430a20b5ca9c983e8d3
Key ops should be an array rather than an integer
(https://datatracker.ietf.org/doc/html/rfc8152#section-7).
Bug: 233338216
Test: atest android.compos.test.ComposTestCase#testOdrefreshSpeed
Test: atest diced_open_dice_cbor_test
Change-Id: I6f7a61ee3828c3dc766f15c67950565081ba158e
Added SPDX-license-identifier-Apache-2.0 to:
keystore2/tests/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: I816f5ba7db5e359b97f1bd0222ca43eebacfc4d1
Creates multiple child procs and creates operations in them, and the
parent proc waits for all child procs' operation status, expecting
one or more operations to fail with a backend busy error.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I52f95a7cfd031d80c88bfc2ca478a26572f40150
A rust_defaults "keystore2_use_latest_aidl_rust" that includes the latest
Keystore2 AIDL library. Modules that depend on Keystore2 directly can include
this rust_defaults to avoid managing dependency versions explicitly.
Test: Compile
Change-Id: Iabe9af743c4ceb787db42ff7cc619bab97ec55c4
To allow for testing, read the rkp_only properties every time instead
of caching the value. This allows the RemoteProvisioner tests to alter
the property, moving the device in and out of rkp-only mode.
Test: RemoteProvisionerUnitTests
Bug: 27306369
Change-Id: If9a616fd36095175f4aea07c897c67a11eb04bcf
A value for the salt is present in all code paths:
- All callers of `Password::derive_key` pass a `Some(..)` value for the
salt. Remove this `Some` everywhere and...
- Change the signature of `derive_key` to expect a `&[u8]` for `salt`
rather than an `Option<&[u8]>`.
- `Password::derive_key` is the only caller of `generateKeyFromPassword`
(via bindgen to C++-land), so...
- Make it clear that the C++ `generateKeyFromPassword()` function
expects 16 bytes of `salt`.
Bug: 172121323
Test: compile, TreeHugger
Change-Id: I41966cce96b5371785680c13bacfc5f95969372a
An empty key pool should not allow fallback to the batch key if the
vendor indicates the system is rkp only.
Additionally, if the system is misconfigured (e.g. marked as rkp only
and has no remotely provisioned component hal) then we should insist
on checking RKP keys anyway. This will result in the given system
always returning OUT_OF_KEYS, which will fail various tests.
Test: keystore2_test
Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I027bc56ff167abf99b18be01dccf05f90dd07f2a
The wrong tag was included in the km_compat layer filter code for
key generation tags. This prevented the INCLUDE_UNIQUE_ID tag from
being passed to keymaster, breaking unique id attestation on platforms
with keymaster (keymint functionality was correct).
Test: KeyAttestationTest
Fixes: 228851969
Change-Id: I81ef55bb92c9869102a741e64375b883c3443224
Added SPDX-license-identifier-Apache-2.0 to:
keystore2/tests/legacy_blobs/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: Ifc2e14a9b60e364323794eaa5a8c181c4f0a78ee
We write these records into odsign-metrics.txt. This
will later be read by system_server and sent to statsd.
The comp_os_artifacts_check_record_ field in StatsReporter points to the
buffer, which is later flushed to the file in the destructor.
Test: statsd_testdrive 19
Bug: 202926606
Change-Id: Ic6eca7e788a21120a0abca27b056e8ca355ac55a
This change leverages the ro.remote_provisioning.rkp_only system
property in order to determine whether or not the system has fallback
keys. If there are no fallback keys, then ks2 will now return
OUT_OF_KEYS as a ResponseCode to the caller over the binder interface.
This will allow the caller to call generateKey() on the
RemoteProvisioner AIDL interface, blocking until the call is returned.
At this point, keys will either have been provisioned, or an actionable
error can be routed back to the developer.
Bug: 227306369
Test: atest RemoteProvisionerUnitTests
Change-Id: I8f5bc5add4ab895ab95c9e4e70e6fc9fa4422da5
Allow an application to have either an SELinux permission or a
privileged application permission to request a unique id attestation.
Eventually, we will remove the sepolicy permission. However, until
GMSCore is updated to pick up the new permission, keep the policy
around.
Test: KeyAttestationTest
Bug: 216778747
Change-Id: I2401ca630d1599f0399b47e1fd9dd88d78318b95
- authorizations: helper struct to create set of key authorizations
- key_generations: helper methods to generate various keys.
Test: N/A
Change-Id: I23250838b7b6d8ad59f5ef8682861a07e856299f
Bug: http://b/197965342
These fuzzers depend on libhidlbase.so which already depends on
libutils.so. Moving to shared dep for them doesn't increase their
shared-library closure. Using libutils.a instead causes build failures
with upstream lld because lld tries to fetch symbols from libutils.a to
resolve undefined symbols from libhidlbase as well.
Test: cherry-pick aosp/2036867 and `mma system/keystore`
Change-Id: I4a2d215736867032a13686c31978eaeec17fc15a
Unless the loader actively ensures the key change on factory reset, omit
the resettable (-70004) property from the config descriptor. By the time
diced gets involved, it's just along for the ride and it was down to the
earlier stages to enforce resetting across factory reset.
Test: atest system/security/diced
Bug: 225177477
Change-Id: I728774843cf0f4468bc7e98ccb29c27c1e808da5