* Fix keystore_cli_v2 and have it installed on the device by default
again.
* Fix confirmationui invocation test by statically linking dependencies.
Bug: 188450250
Test: atest confirmationui_invocation_test
run any keystore_cli_v2 command
Merged-In: I7097646b6714214782cf15c51dffb7368d62761b
Change-Id: I7097646b6714214782cf15c51dffb7368d62761b
The root of the problem is that in some cases credstore would
pass auth- and verification-tokens to the Identity Credential
HAL without first having obtained a challenge via
IIdentityCredential.createAuthChallenge(). This makes it
impossible for the TA to validate the verification token for
freshness.
This is easily fixed by simply ensuring createAuthChallenge()
is called (and the returned challenge is used in the requested
verification token) whenever dealing with ACPs using user
authentication.
Additional issues / changes:
- During Android 12 development, an use-after-free bug was
introduced in Credential.cpp L120.
- keystore's getTokensForCredstore() had some bugs in how to
select an auth-token, in particular mixing authTokenAgeMillis
(milliseconds) with time_t values (seconds)
- as a result, keystore would sometimes return tokens older
than what credstore requested. This wasn't actually problem
because the TA would check it anyway.
- we now precisely define semantics in IKeystoreService.aidl
- Another potential use-after-free bug was found in
Credential.cpp L767
None of the fixes for these bugs affect CTS or VTS tests.
Bug: 181893400
Test: atest android.security.identity.cts on emulator
Test: atest android.security.identity.cts on crosshatch (w/ Android 11 era HAL)
Test: CtsVerifier's Identity Credential Authentication test crosshatch (w/ Android 11 era HAL)
Change-Id: I45a3fd16eff3b6a232d8b8c88f2e3dd3619a9c03
Since Android R, Parcel provides read/write methods for "@nullable"
values using std::optional.
Bug: 149784838
Test: m
Change-Id: I343841e690ed2d00548bb2ad623e07fa26823214
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to remove
from the unsupported list.
Bug: 170729553
Test: Treehugger
Change-Id: I54fce50d3fb9d3ba02eae312c478bac419a46ede
This CL provides the fix for the issue reported in b/169959923.
Bug: 169959923
Test: tested using statsd_testdrive script.
Change-Id: I3fe42e85abd0976782795ad4fa13a804702624d6
On certain device configurations the security level reported by the
Keymaster HAL differs from the security level understood in KeyStore.
Namely, on devices with only a software Keymaster, KeyStore will set it
in the TEE slot, and create a new in-process legacy Keymaster for the
software slot.
This change introduces a field to keymaster worker to represent the
security level that KeyStore understands this worker to operate on.
Bug: 167412989
Test: atest CtsKeystoreTestCases
Change-Id: Ifeaa4782913be45d89cdd175a02302c7dc318719
This file maps to about 4 minutes and 15 seconds of tests within
Keystore to be added to presubmit.
Bug: 158797959
Test: atest --test-mapping
Change-Id: I3cb6614d3f3b3fe43f326f50e2dfa915a1b81d21
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Merged-In: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
Change-Id: I16cac8c4ee950adc330659dcb648052e8b2b41a2
This is the second CL on migrating keystore logging to statsd.
This migrates the logging for key operation events.
Three new ResponseCodes are added for the logging purpose of the
abort operations.
Test: Adding tests for logging is yet to be decided.
Change-Id: Iede72341b0f4c80199c9e16cef96a5d98bca8754
Merged-In: I68c1d89beeb733e4b6ba493b8d95935b7e73df60
This is the first CL on migrating keystore logging to use statsd.
This migrates the logging for key creation events
(generation/import).
A work-around is implemented to handle repeated fields via bitmaps
because statsd does not support repeated fields as of now.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
Merged-In: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
Recent versions of Clang will flag this use of `count` in namespace
`std` as ambiguous due to the existence of `std::count`. To remove this
problem, we can switch to the commonly used `N` for array sizes.
Bug: http://b/155835175
Test: m with aosp_blueline
Change-Id: I983180b6e2e94dadb095f531e13ea415468ee104
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
This is the second CL on migrating keystore logging to statsd.
This migrates the logging for key operation events.
Three new ResponseCodes are added for the logging purpose of the
abort operations.
Test: Adding tests for logging is yet to be decided.
Change-Id: I68c1d89beeb733e4b6ba493b8d95935b7e73df60
Bug: 157664923
This is the first CL on migrating keystore logging to use statsd.
This migrates the logging for key creation events
(generation/import).
A work-around is implemented to handle repeated fields via bitmaps
because statsd does not support repeated fields as of now.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: I76900eb2abec627afb80573cda25340186e9f244
Change-Id: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.
Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.
Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Merged-In: Id6cb6812a31d968069b7d72bd2b39b512d38d241
Change-Id: I6d75a4fd5cf3607f08dee33da7db5f0f20923656
This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.
Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.
Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241
Allow base device properties that are not unique IDs and don't
require special permission to be attested from any process.
Test: atest CtsKeystoreTestCases
Bug: 152945378
Change-Id: I45eeda0eac725fd0ad28caf25a5a183fe117fabb
Attesting (only) to device properties is allowed without special
permission (android.permission.READ_PRIVILEGED_PHONE_STATE) since
base device properties should be accessible to everyone. For
unique identifying IDs attestation the permission is still needed.
Test: atest CtsKeystoreTestCases
Bug: 152945378
Change-Id: I8395e0c18cfc91916a172d20dd6049c7c027e8d9
Without this permission check any app can toggle the locked state of
keymaster once it has been unlocked for the first time.
Bug: 144285084
Test: Manually tested with debugger that the requred code paths are
run.
Merged-In: Idb8a200dc2963e1085e9fddd0c565c5172465e65
Change-Id: Idb8a200dc2963e1085e9fddd0c565c5172465e65
(cherry picked from commit 21f452c372)
(cherry picked from commit aad9178b57)
This reverts commit 7fd8e853e9.
Test: still see keystore process running
Bug: 112038744
Bug: 150267620
Change-Id: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18
Merged-In: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18
We punting support for extra certificate to S.
Test: boot
Bug: 112038744
Change-Id: I3bc342a7df0c47c02494ef6fdae24e7ad00a8507
Merged-In: I3bc342a7df0c47c02494ef6fdae24e7ad00a8507
This reverts commit 7fd8e853e9.
Test: still see keystore process running
Bug: 112038744
Bug: 150267620
Change-Id: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18
If there were no secure keymasters on a device, but software keymasters
offered, then keystore would shuffle the software keymaster to the
TRUSTED_ENVIRONMENT securityLevel keymaster slot and generate a software
fallback keymaster. This change lets the software keymaster slot occupy
both the default and software slot. A fallback keymaster implementation
should only be invoked if there actually is no other keymaster
implementation.
Bug: 148773266
Test: atest KeyChainTests:com.android.keychain.tests.BasicKeyChainServiceTest#testAttestKeySucceedsOnGeneratedKey -- --abi x86
Change-Id: Ia845b6d8be85dcd6dfd3aecbb1dbda972e9cfff2
This is the first part of the update, adjusting keystore to use the
KM4.1 interface, but not call any of the new methods. That will come
in a subsequent CL.
Test: CtsKeystoreTestCases
Change-Id: Ib7486aad46c144471a1607eec31b8df1059a511d
Merged-In: Ib7486aad46c144471a1607eec31b8df1059a511d
