Bug: http://b/197965342
These fuzzers depend on libhidlbase.so which already depends on
libutils.so. Moving to shared dep for them doesn't increase their
shared-library closure. Using libutils.a instead causes build failures
with upstream lld because lld tries to fetch symbols from libutils.a to
resolve undefined symbols from libhidlbase as well.
Test: cherry-pick aosp/2036867 and `mma system/keystore`
Change-Id: I4a2d215736867032a13686c31978eaeec17fc15a
The KeyMint HAL will soon be updated for a new version, which will in
turn induce a version bump for the keystore2 AIDL interface. To make
this process easier, add a cc_defaults that references the "current"
version, and use this elsewhere. This should hopefully mean that a
future version bump only needs to happen in the defaults.
Test: TreeHugger
Change-Id: I8999de92443fd121a9515dccde8d76094dc93023
keystore/keystore_cli_v2.cpp uses std::get_if<> from <variant>, but it
doesn't include it and instead relies on indirect inclusion via an
AIDL-generated header. It should include it directly.
Bug: n/a
Test: m
Change-Id: I895bcdc69f10bc9f16a4c7c37adba6eaaf892c74
Added SPDX-license-identifier-Apache-2.0 to:
keystore/tests/fuzzer/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: If7701aa8e0125aa6829c42a7dedb0efd1832ace4
Future addition of extra curves means that key size is not enough to
identify the particular EC curve required. Use the EcCurve enum instead.
Test: m keystore_cli_v2, TreeHugger
Change-Id: Iaf6a3378a5431030fa002ed986ec67f4b18f801e
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: Ibeb4178f99857be75bb5f83a073a2d679058d921
* Fix keystore_cli_v2 and have it installed on the device by default
again.
* Fix confirmationui invocation test by statically linking dependencies.
Bug: 188450250
Test: atest confirmationui_invocation_test
run any keystore_cli_v2 command
Merged-In: I7097646b6714214782cf15c51dffb7368d62761b
Change-Id: I7097646b6714214782cf15c51dffb7368d62761b
The root of the problem is that in some cases credstore would
pass auth- and verification-tokens to the Identity Credential
HAL without first having obtained a challenge via
IIdentityCredential.createAuthChallenge(). This makes it
impossible for the TA to validate the verification token for
freshness.
This is easily fixed by simply ensuring createAuthChallenge()
is called (and the returned challenge is used in the requested
verification token) whenever dealing with ACPs using user
authentication.
Additional issues / changes:
- During Android 12 development, a use-after-free bug was
  introduced in Credential.cpp L120.
- keystore's getTokensForCredstore() had some bugs in how to
  select an auth-token, in particular mixing authTokenAgeMillis
  (milliseconds) with time_t values (seconds)
  - as a result, keystore would sometimes return tokens older
    than what credstore requested. This wasn't actually a problem
    because the TA would check it anyway.
  - we now precisely define semantics in IKeystoreService.aidl
- Another potential use-after-free bug was found in
  Credential.cpp L767
None of the fixes for these bugs affect CTS or VTS tests.
Bug: 181893400
Test: atest android.security.identity.cts on emulator
Test: atest android.security.identity.cts on crosshatch (w/ Android 11 era HAL)
Test: CtsVerifier's Identity Credential Authentication test crosshatch (w/ Android 11 era HAL)
Change-Id: I45a3fd16eff3b6a232d8b8c88f2e3dd3619a9c03
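The unit mix-up described in the commit above (a millisecond age limit compared against second-granularity time_t values) can be illustrated as follows. This is an added example, not the keystore code: the AuthToken struct, both function names and all sample values are hypothetical, and the actual defect in getTokensForCredstore() may have taken a different form.

```cpp
#include <cstdint>
#include <ctime>
#include <vector>

// Hypothetical, simplified auth token holding only what the example needs.
struct AuthToken {
    uint64_t challenge;
    int64_t issuedAtMillis;  // mint time in milliseconds
};

// Illustrative bug: the token age is computed in seconds (time_t), but the
// limit is in milliseconds, so the limit is effectively 1000x too lax.
const AuthToken* selectTokenBuggy(const std::vector<AuthToken>& tokens,
                                  time_t nowSeconds, int64_t maxAgeMillis) {
    for (const auto& t : tokens) {
        int64_t issuedSeconds = t.issuedAtMillis / 1000;
        if (static_cast<int64_t>(nowSeconds) - issuedSeconds <= maxAgeMillis) {
            return &t;  // may be far older than the caller asked for
        }
    }
    return nullptr;
}

// Corrected form: every quantity is in milliseconds, tokens from the future
// are rejected, and the newest token within the limit is returned.
const AuthToken* selectTokenFixed(const std::vector<AuthToken>& tokens,
                                  int64_t nowMillis, int64_t maxAgeMillis) {
    const AuthToken* best = nullptr;
    for (const auto& t : tokens) {
        int64_t ageMillis = nowMillis - t.issuedAtMillis;
        if (ageMillis < 0 || ageMillis > maxAgeMillis) continue;
        if (best == nullptr || t.issuedAtMillis > best->issuedAtMillis) best = &t;
    }
    return best;
}

int main() {
    // Constructed sample: a token minted at t=1000 s, "now" is t=1600 s,
    // and the caller accepts tokens at most 300 s (300000 ms) old.
    std::vector<AuthToken> tokens = {{1, 1000000}};
    bool buggyAccepts = selectTokenBuggy(tokens, 1600, 300000) != nullptr;
    bool fixedAccepts = selectTokenFixed(tokens, 1600000, 300000) != nullptr;
    return (buggyAccepts && !fixedAccepts) ? 0 : 1;
}
```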
Since Android R, Parcel provides read/write methods for "@nullable"
values using std::optional.
Bug: 149784838
Test: m
Change-Id: I343841e690ed2d00548bb2ad623e07fa26823214
These are APIs that have @UnsupportedAppUsage but for which we don't
have any evidence of them currently being used, so should be safe to remove
from the unsupported list.
Bug: 170729553
Test: Treehugger
Change-Id: I54fce50d3fb9d3ba02eae312c478bac419a46ede
This CL provides the fix for the issue reported in b/169959923.
Bug: 169959923
Test: tested using statsd_testdrive script.
Change-Id: I3fe42e85abd0976782795ad4fa13a804702624d6
On certain device configurations the security level reported by the
Keymaster HAL differs from the security level understood in KeyStore.
Namely, on devices with only a software Keymaster, KeyStore will set it
in the TEE slot, and create a new in-process legacy Keymaster for the
software slot.
This change introduces a field to keymaster worker to represent the
security level that KeyStore understands this worker to operate on.
Bug: 167412989
Test: atest CtsKeystoreTestCases
Change-Id: Ifeaa4782913be45d89cdd175a02302c7dc318719
This file maps to about 4 minutes and 15 seconds of tests within
Keystore to be added to presubmit.
Bug: 158797959
Test: atest --test-mapping
Change-Id: I3cb6614d3f3b3fe43f326f50e2dfa915a1b81d21
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Merged-In: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
Change-Id: I16cac8c4ee950adc330659dcb648052e8b2b41a2
This is the second CL on migrating keystore logging to statsd.
This migrates the logging for key operation events.
Three new ResponseCodes are added for the logging purpose of the
abort operations.
Test: Adding tests for logging is yet to be decided.
Change-Id: Iede72341b0f4c80199c9e16cef96a5d98bca8754
Merged-In: I68c1d89beeb733e4b6ba493b8d95935b7e73df60
This is the first CL on migrating keystore logging to use statsd.
This migrates the logging for key creation events
(generation/import).
A work-around is implemented to handle repeated fields via bitmaps
because statsd does not support repeated fields as of now.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
Merged-In: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
Recent versions of Clang will flag this use of `count` in namespace
`std` as ambiguous due to the existence of `std::count`. To remove this
problem, we can switch to the commonly used `N` for array sizes.
Bug: http://b/155835175
Test: m with aosp_blueline
Change-Id: I983180b6e2e94dadb095f531e13ea415468ee104
This is the third CL on sending keystore logging to statsd.
This creates the logs for key attestation events.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: I412ac59fd6bb2dbcb380f8579740d02ce2fd8790
This is the second CL on migrating keystore logging to statsd.
This migrates the logging for key operation events.
Three new ResponseCodes are added for the logging purpose of the
abort operations.
Test: Adding tests for logging is yet to be decided.
Change-Id: I68c1d89beeb733e4b6ba493b8d95935b7e73df60
Bug: 157664923
This is the first CL on migrating keystore logging to use statsd.
This migrates the logging for key creation events
(generation/import).
A work-around is implemented to handle repeated fields via bitmaps
because statsd does not support repeated fields as of now.
Test: Adding tests for logging is yet to be decided.
Bug: 157664923
Change-Id: I76900eb2abec627afb80573cda25340186e9f244
Change-Id: Id23724cfbd21dca8ef5fd77e5712c0bc2e727f4b
This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.
Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.
Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Merged-In: Id6cb6812a31d968069b7d72bd2b39b512d38d241
Change-Id: I6d75a4fd5cf3607f08dee33da7db5f0f20923656
This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.
Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.
Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241
Allow base device properties that are not unique IDs and don't
require special permission to be attested from any process.
Test: atest CtsKeystoreTestCases
Bug: 152945378
Change-Id: I45eeda0eac725fd0ad28caf25a5a183fe117fabb
Attesting (only) to device properties is allowed without special
permission (android.permission.READ_PRIVILEGED_PHONE_STATE) since
base device properties should be accessible to everyone. For
unique identifying IDs attestation the permission is still needed.
Test: atest CtsKeystoreTestCases
Bug: 152945378
Change-Id: I8395e0c18cfc91916a172d20dd6049c7c027e8d9
Without this permission check any app can toggle the locked state of
keymaster once it has been unlocked for the first time.
Bug: 144285084
Test: Manually tested with debugger that the required code paths are
run.
Merged-In: Idb8a200dc2963e1085e9fddd0c565c5172465e65
Change-Id: Idb8a200dc2963e1085e9fddd0c565c5172465e65
(cherry picked from commit 21f452c372)
(cherry picked from commit aad9178b57)