KeyMint.generateKey requires a challenge to be passed when a key
blob is also passed. The test missed this, and was thus failing on
compliant HALs.
Bug: 301223273
Test: keystore2_test
Change-Id: Icf7a32683c85d87fddd7d05ba07a110bb4e38c79
Removed `libkeymint_vts_test_utils` and its dependent libs from static
libs list and added only `libkeymint_vts_test_utils` in shared libs
list.
Test: m libkeystore2_test_utils; atest keystore2_client_tests; atest keystore2_test_utils_test;
atest keystore2_test
Bug: 194359114
Change-Id: Iab4b8c174af81a8c64a9f44fcd634d54f78773da
New devices will no longer have hwservicemanager installed as part of
HIDL deprecation. So this service must not crash when it's not found.
From keystore2's perspective, this is the same as not having the HIDL
Keymaster HALs installed.
Test: remove hwservicemanager from
device/google/cuttlefish/shared/device.mk && launch_cvd
Bug: 298454031
Change-Id: I4c7cefd388936aff821cff572a8af1b6f69f82d1
Also remove benign logging when there are multiple strong
biometrics.
Test: adb logcat on CF while adding/removing user/pwd
Change-Id: I777404d566990a4a604554133c0d87abba2200bc
Instead of listing all the possible parameters, put them in a struct
(as the C API does).
This means callers only have to list the ones they use, and a new
parameter doesn't require all clients to change.
Bug: 291241882
Test: atest -p in diced
Change-Id: I7c4925385e30ba9fcec0dc188747a23d7df614d7
Symbols for Android in open-dice now use the DiceAndroid* prefix rather
than the Bcc* prefix. This does not migrate the whole library away from
the legacy BCC nomencalture.
Test: TH
Change-Id: I878de15f663ee2bcb678db12475cae6c45fc8b87
We publish a prebuilt rkp_factory_extraction_tool online, so we should
only dynamically load the libraries that we cannot avoid (e.g. libdl)
Test: built and ran tool
Change-Id: Id109e12dde841797169f0a4e54fa2ede558da252
We will be publishing more tools for partners, and they should live
together. With that in mind, move the rkp_factory_extraction_tool dist
to "rkp/" instead of "rkp_factory_extraction_tool/".
Test: Built it
Change-Id: Ic86fe555a75dfe12a4cae1b4be48c33bae95ecbb
These will soon be required by a lint.
Some functions were incorrectly marked as safe which were not actually
safe, so I've fixed those too.
Bug: 290018030
Test: m rust
Change-Id: I38df6a8162d430617f123ab1aace38b741458fce
Rework the defaults to avoid enabling vendor_available, apex_available,
or host_supported in the "_nostd" libraries, where they shouldn't be
used as the static libraries built from these modules aren't distributed
through APEXes or vendor code and are not expected to be compatible with
the host.
Bug: 293260907
Test: mmma external/open-dice
Change-Id: Ia922ed6b8d525c89724a5dc70bbd0d9621f1ba92
Changes made in keystore2-client-tests to verify the key characteristics
of generated and imported keys.
Bug: 279721870
Test: atest keystore2_client_tests
Change-Id: I30c1fb2bdb1d69d321d356453d895db73347acde
KeyMint spec requires unique ID rotation to happen every 30 days (or
more precisely 2592000000 milliseconds) starting at UNIX epoch time.
Keystore is also supposed to set the RESET_SINCE_ID_ROTATION to indicate
"whether the device has been factory reset since the last unique ID
rotation".
However, instead Keystore sets RESET_SINCE_ID_ROTATION if there has been
a factory reset in the last 30 days counting back from now, which is
different and will give one extra UNIQUE_ID value in a subsequent
period:
For example, if there's a factory reset (marked as :) in the 3rd period
(periods delimited by |), the first half of the 4th period will have
RESET_SINCE_ID_ROTATION set and get a different UNIQUE_ID value than it
should:
Want = | A | B | C : C2 | D | ...
Get = | A | B | C : C2 | D2 : D | ...
Bug: 289774200
Test: keystore2_test
Change-Id: I156de902931915cd1ae7ad2eba63fd0276f15ae0
Sync was incorrectly implemented for AuthRequest, allowing simultaneous
access to a Receiver from multiple threads despite it not being
threadsafe. Use a Mutex instead to do this safely.
Bug: 290018030
Test: m rust
Change-Id: I6f43f13d5f36bdbafc9bd910a1ebadbb1366009d
Now that fsverity_init is no longer used, it can be removed.
For more details, see https://r.android.com/2662658.
Bug: 290064770
Test: presubmit
Change-Id: I9a90a7141d708ea8aaeefc54288083ee5a0f52ff
