Keystore no longer transitions to the database directory as its working
directory. This allows keystore to start before data is mounted.
Test: keystore starts and early.
Change-Id: I98272fb0e97e8fe93eb87a657286681c78d28a60

This change adds a uuid field to map keys to KM devices to the keyentry
table. For now, the security level reported by the KeyMint instance's
hardware info is used as uuid until the hardware info returns an
actual uuid. This security level may differ from the security level
requested by keystore clients in some situations, e.g., when running a
pure software implementation or on Chrome OS.
Test: atest keystore2_test
Change-Id: I4b9556804eb6a435ac48d5929fc238e22c23d94d

Allow storing certificates without keys.
Also allow deleting subcomponents by setting corresponding arguments to
None.
Test: KeyStore CTS and keystore2_test
Change-Id: Ie3c937941c6dd6d4a43cd86273cce4f0d7880ca6

Respect input consumed by KeyMint device and call update in a loop
until all input was consumed.
Test: Keystore CTS tests.
Change-Id: If7bcb019fe5f22d69e2d87d2ba56d597131e318c

We need a way to distinguish between tags that are enforced by KeyMint
with security level "SOFTWARE" and tags that are not enforced by
KeyMint but are expected to be enforced by KEYSTORE.
Test: VtsAidlKeyMintTargetTest
Change-Id: I8a88d661bca0125ee149276f6b9cb0017a1c9b12

The km compatibility test only makes sense on devices that actually have
legacy keymaster. With this patch we skip all the tests if no connection
can be established.
Test: keystore2_km_compat_test
Change-Id: I6cfd52a0410fe1b13f5df4be11d23ef4ea223296

Some of the permission tests only pass on cuttlefish because its
system_server is permissive. This fix makes them pass on real devices.
Test: keystore2_test
Change-Id: I3cca0cf7ca30276eb75fa1d86a9243ee65d3d588

Now using mostly KeyMint error codes and a safe conversion function.
Test: keystore2_km_compat_test_cpp
Change-Id: I43ec848a8ee5544fcc8e79a4af0690e45bc28095

When keys are loaded by grant they may be used by key id subsequently.
This patch adds a check of the grant database when loading the access
tuple. If one is found the access vector is populated allowing
the permission callback to perform access control based on the grant.
Test: keystore2_test
Change-Id: If70dfbc035aed5aa3842663d475b489df3e3dd4e

The legacy wrapper would attempt to self sign certificates based on key
purpose and authorization requirements. But there are keys that meet
those but still fail due to impossible parameter combinations such as
PKCS 1.5 padding with no digest.
With this patch we perform an ephemeral key signature when the self
signing attempt fails so that the key generation can still commence
successfully.
This patch also adds some error logging and revisits some of the error
handling code in the legacy wrapper.
Test: atest android.keystore.cts.SignatureTest\
#testAndroidKeyStoreKeysHandledByAndroidKeyStoreProviderWhenSigning
Change-Id: I3be017636ae9fc61374e47f47a1e1fc5b266f6e2

Notifying the garbage collector directly from the DB breaks the unit
test because the GC implicitly uses the global DB instance.
This moves GC notification outside of the KeystoreDB.
Also remove #[!allow(dead_code)] from database.rs.
Test: keystore2_test
Change-Id: Ia2812d47ccee05309aaa91063d0d99c853596ea1

This patch revisits the Keystore 2.0 enforcements module to support
KM4.1 hardware enforced device locked keys.
* Consolidate the background handler into async_task.
* The auth token handler became AuthInfo and was moved into
enforcements.rs.
* The auth token validity check moved from database.rs to
enforcements.rs.
Bug: 171503362
Test: Keystore CTS tests
Change-Id: If37d38183901b356242079af812c7a0e1e79abf3