* Fix keystore_cli_v2 and have it installed on the device by default
again.
* Fix confirmationui invocation test by statically linking dependencies.
Ignore-AOSP-First: No merge-path from AOSP
Bug: 188450250
Test: atest confirmationui_invocation_test
run any keystore_cli_v2 command
Merged-In: I7097646b6714214782cf15c51dffb7368d62761b
Change-Id: I7097646b6714214782cf15c51dffb7368d62761b
Why?: 1) Returning an int array is unsafe because it must be allocated in Java and C++ must not change the size. 2) List<Integer> is not supported by AIDL, but List<String> is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.
Bug: b/119616956
Test: ./list_auth_bound_keys_test.sh
Test: Temporarily modified settings app to call listUidsOfAuthBoundKeys
Change-Id: Ibf86864a5df1608a39f438745dde6f2f8c296b66
The value of the error code is not intended to be used
in checks, and instead isOk() should be used. A few places
were found which used the error codes directly via the
cast operator. To make it less likely this will happen
in the future unintentionally, the cast operator is being
removed. Some code still wants to access the error code
directly, such as when logging, so getValue() is added
for these cases.
Bug: 119771891
Test: Built for walleye successfully, basic operations with
keystore_cli_v2 tool work correctly.
Change-Id: I46e82d66dc4932472d8a5b2749ece08e398e7c88
Since the keystore AIDL interface became asynchronous we need a thread to handle the
callbacks.
With this patch keystore_backend_binder starts a thread pool when a
backend is created.
Also change keystore_cli_v2 to use startThreadPool instead of starting a
binder thread explicitely.
Bug: 111443219
Change-Id: Ic5b19d95f51a24d823825d5874ec85eeabd9ef5f
With asynchronous keystore we need a binder thread to take the callback
from keystore.
Bug: 111443219
Test: manually tested by calling keystore_cli_v2
Change-Id: Ibac2d3d176090bbfd1548899bf670d83d3ab6215
This patches changes the keystore to use the asychronous api model for
begin, update, finish, and abort.
Also removes unused class KeystoreArguments (aidl and implementation).
Test: Keystore CTS tests
Bug: 111443219
Change-Id: Icc6def9ff6dbe32193272d7d015079a006ebc430
The argument --prompt_text was parsed as an ASCII string which does not
reflect the aspired featrue set.
Also fixes a typo in an error message
Bug: 74806224
Test: manually tested
Change-Id: Ie534ea03fbe36b74c9584647b52b50f852e7dbb3
This code implements new keystore APIs for confirmations.
Also add new 'confirmation' verb to the keystore_cli_v2 command to be
used for testing confirmations. It will block until there's a
callback. Example invocations:
phone:/ # keystore_cli_v2 confirmation --prompt_text="Hello World" --extra_data=010203 --ui_options=1,2,3
Waiting for prompt to complete - use Ctrl+C to abort...
Confirmation prompt completed
responseCode = 0
dataThatWasConfirmed[30] = {0xa2, 0x66, 0x70, 0x72, 0x6f, 0x6d, 0x70, 0x74, 0x6b, 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64, 0x65, 0x65, 0x78, 0x74, 0x72, 0x61, 0x43, 0x01, 0x02, 0x03}
phone:/ #
If a prompt is already being shown, the |OperationPending| return code
(code 3) is returned:
phone:/ # keystore_cli_v2 confirmation --prompt_text="Hello World" --extra_data=010203 --ui_options=1,2,3
Presenting confirmation prompt failed with return code 3.
Canceling a prompt:
phone:/# keystore_cli_v2 confirmation --prompt_text="Hello World" --extra_data=010203 --cancel_after=1.5
Sleeping 1.5 seconds before canceling prompt...
Waiting for prompt to complete - use Ctrl+C to abort...
Confirmation prompt completed
responseCode = 2
dataThatWasConfirmed[0] = {}
Bug: 63928580
Test: Manually tested.
Change-Id: Ida14706ad066d5350b9081eb7821c7b1a1472dd2
Keymaster4 introduces security levels. Android devices
may have multiple keymaster implementations, one for each
possible security level, where the presence of a strong
security level implies the presence of all lower levels.
This patch adds code that enumerates all keymaster device
implementations available from ServiceManager and populates
Keystore's keymaster device database with at most one keymaster
implementation per security level. It gives precedence to
newer versions if multiple implementations exist for the same security
level.
The security level is chosen by a set of flags passed to the keystore
operations generate, import, addRngEntropy.
For existing keys the right security level is chosen by the blob flags.
To that end a new flag KEYSTORE_FLAG_STRONGBOX was added, and the
security level is expressed through a combination of
KEYSTORE_FLAG_FALLBACK (F) and KEYSTORE_FLAG_STRONGBOX (S).
Encoding is as follows:
F S
Software 1 X (don't care)
TEE 0 0
Strongbox 0 1
Some operations in keystore cli2 where amended with the optional
--seclevel flags. Allowing the user to chose the security level for the
given operation. Possible options are "software", "strongbox", and "tee"
where tee is the default value.
Test: Existing KeyStore CTS tests run
Change-Id: I01ef238f5e7067e480cf9b171630237236046bb1
This patch ports keystore to the HIDL based binderized keymaster HAL.
Keystore has no more dependencies on legacy keymaster headers, and
therefore data structures, constant declarations, or enums. All
keymaster related data structures and enums used by keystore are the
once defined by the HIDL based keymaster HAL definition. In the process
of porting, keystore underwent some changes:
* Keystore got a new implementation of AuthorizationSet that is fully
based on the new HIDL data structures. Key parameters are now either
organised as AuthorizationSets or hidl_vec<KeyParameter>. (Formerly,
this was a mixture of keymaster's AuthorizationSet,
std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.) The
former is used for memory management and provides algorithms for
assembling, joining, and subtracting sets of parameters. The latter
is used as wire format for the HAL IPC; it can wrap the memory owned
by an AuthorizationSet for this purpose. The AuthorizationSet is
accompanied by a new implementation of type safe functions for
creating and accessing tagged key parameters,
Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service
response codes. Keystore has two sets of error codes. ErrorCode
errors are less than 0 and use 0 as success value. ResponseCode
errors are greater than zero and use 1 as success value. This patch
changes ResponseCode to be an enum class so that is no longer
assignable to int without a cast. The new return type can only be
initialized by ResponseCode or ErrorCode and when accessed as int32_t,
which happens on serialization when the response is send to a client,
the success values are coalesced onto 1 as expected by the
clients. KSSreturnCode is also comparable to ResponseCode and
ErrorCode, and the predicate isOk() returns true if it was initialized
with either ErrorCode::OK (0) or ReponseCode::NO_ERROR (1).
* A bug was fixed, that caused the keystore verify function to return
success, regardless of the input, internal errors, or lack of
permissions.
* The marshalling code in IKeystoreService.cpp was rewritten. For data
structures that are known to keymaster, the client facing side of
keystore uses HIDL based data structures as (target) source
for (un)marshaling to avoid further conversion. hidl_vecs are used to
wrap parcel memory without copying and taking ownership where
possible.
* Explicit use of malloc is reduced (malloc was required by the C nature
of the old HAL). The new implementations avoid explicit use of
malloc/new and waive the use of pointers for return values. Instead,
functions return by value objects that take ownership of secondary
memory allocations where required.
Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts
Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
Set padding mode to PAD_NONE for AES when using
non GCM block ciphers.
BUG=27555165
Change-Id: I11cd860a9aee01aea1699ef149bde4af5cfa746e
Signed-off-by: Sourabh Banerjee <sbanerje@codeaurora.org>
Enforcement of this tag may be nuanced. E.g. HW may not allow decryption
with a signing key, but may not control for example, restricting an AES
key to encryption-only.
Bug: 27309299
Change-Id: Ie0a49ddb033f5a95f0943bbc3b4bbd2fbf9bcedb
Also drop some of the tags that were being checked but aren't strictly
required to be hardware-backed.
Testing for 0.3 basically means not running AES or HMAC tests.
BUG=27309299
Change-Id: Ie885027af287c878d185514f302985433667c09f
Actually, this change eliminates the need to update keystore_cli_v2
every time a tag is added, which also has the effect of supporting
KM_TAG_ALLOW_WHILE_ON_BODY.
Change-Id: I15dd4ec4b7cab52dba43ec5d0afc6f8caf922389
The test can be run with the command:
keystore_cli_v2 brillo-platform-test
Test results will be printed to stdout and the exit code will be the
number of failed tests.
BUG=24751339
Change-Id: I2cfe2ca034fa3aa76e7f39488ebbf40482ecb5b9
This Cl adds authenticated encryption and decryption methods which
require minimal inputs. These methods are suitable for encrypting local
state on brillo.
BUG: 23528174
TEST=manual using the keystore_cli_v2 tool
Change-Id: I41abcd77452e86b1eb7373f9db95b645100e2f0f
KeystoreClient is designed to give native brillo services convenient
access to keystore services. This CL also includes a command line tool
that uses the KeystoreClient interface. This was used for testing but
can also be enhanced to be generally useful.
BUG: 23528174
TEST=manual tests using keystore_cli_v2
Change-Id: I6266d98cfc7c4936f803a8133020c032bc519a5b