Attesting (only) to device properties is allowed without special
permission (android.permission.READ_PRIVILEGED_PHONE_STATE) since
base device properties should be accessible to everyone. For
unique identifying IDs attestation the permission is still needed.
Test: atest CtsKeystoreTestCases
Bug: 152945378
Change-Id: I8395e0c18cfc91916a172d20dd6049c7c027e8d9
Without this extra information passed upfront it's not practical to
implement a HAL which incrementally builds up cryptographically
authenticated data.
This information is conveyed by using two new methods on version 2 of
the Identity Credential HAL. If these methods are not implemented (if
a version 1 HAL is running) the invocation fails and we handle this
gracefully by just ignoring the error.
Bug: 154631410
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I17d516e41e800f58daa4c11dcca0305c80740d5b
Without this permission check any app can toggle the locked state of
keymaster once it has been unlocked for the first time.
Bug: 144285084
Test: Manually tested with debugger that the requred code paths are
run.
Merged-In: Idb8a200dc2963e1085e9fddd0c565c5172465e65
Change-Id: Idb8a200dc2963e1085e9fddd0c565c5172465e65
(cherry picked from commit 21f452c372)
(cherry picked from commit aad9178b57)
The implementation of the Identity Credential TA in constrained
environments may need to incrementally update the HMAC-SHA256 of
DeviceAuthencation CBOR to avoid keeping the entire CBOR structure in
memory. To do this they need to calculate the derived key before
starting to build the CBOR so they need access to the signingKey
earlier on. Update credstore to pass the signingKey earlier.
Bug: 150390415
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Change-Id: If2479a10f80fba748591c30aa7b8662e1063787e
This reverts commit 7fd8e853e9.
Test: still see keystore process running
Bug: 112038744
Bug: 150267620
Change-Id: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18
If there were no secure keymasters on a device, but software keymasters
offered, then keystore would shuffle the software keymaster to the
TRUSTED_ENVIRONMENT securityLevel keymaster slot and generate a software
fallback keymaster. This change lets the software keymaster slot occupy
both the default and software slot. A fallback keymaster implementation
should only be invoked if there actually is no other keymaster
implementation.
Bug: 148773266
Test: atest KeyChainTests:com.android.keychain.tests.BasicKeyChainServiceTest#testAttestKeySucceedsOnGeneratedKey -- --abi x86
Change-Id: Ia845b6d8be85dcd6dfd3aecbb1dbda972e9cfff2
This is the first part of the update, adjusting keystore to use the
KM4.1 interface, but not call any of the new methods. That will come
in a subsequent CL.
Test: CtsKeystoreTestCases
Change-Id: Ib7486aad46c144471a1607eec31b8df1059a511d
Merged-In: Ib7486aad46c144471a1607eec31b8df1059a511d
This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137
Cancelling an APC request from the app side must lead to a callback to
unblock the caller.
Bug: 138655142
Bug: 148411844
Test: atest confirmationui_invocation_test
Change-Id: If71ffc7d3d75dde6f0217ccdb003569149947ec8
Increment the rate limiting counter when the application sends an abort
message.
Bug: 138655142
Test: Ran keystore_unit_tests and manually checked behavior of
keystore application with confimrationui.
Merged-In: I5f3af166391a32748a26f7709d30a5ac718499c0
Change-Id: I5f3af166391a32748a26f7709d30a5ac718499c0
The results of TEMP_FAILURE_RETRY can be negative in an error
case. But we were assigning it to an unsigned size_t, and
thus our check to see if it was negative would always be false.
We switch to storing this result in a signed ssize_t, so we'll
properly handle a negative return value. As long as we're
never writing more than 2GB (ssize_t max on a 32-bit system),
this shouldn't be a problem.
Test: TreeHugger
Change-Id: I3d417fab7c3ee7557221f9757567379d1b8cb6da
The credstore system daemon is sitting below the Identity Credential
Framework APIs and on top of the Identity Credential HALs. Its main
job is to store credential data and provide a way for applications to
communicate with the secure hardware abstracted by the HAL.
This daemon runs as an unprivileged user, credstore.
The auth-tokens needed by credstore are supplied by keystore and this
CL includes the requisite changes to keystore for this to work.
Bug: 111446262
Test: CTS tests for Framework APIs
Change-Id: Ieb4d59852a143482436a1c418c25ed96e25c0047