Making changes to use cpp backend generated by aidl_interface
build system for KeyAttestationApplicationProvider.
Removed custom parcelables defined for AAID.
Updated the tests to use the aidl_interface generated bindings.
Bug: 267452060
Test: atest android.keystore.cts.KeyAttestationTest; atest
keystore_unit_tests; keystoreSignature_fuzzer;
keystorePackageInfo_fuzzer; keystoreApplicationId_fuzzer;
keystoreAttestationId_fuzzer
Change-Id: Ibdfb8e2837538d01a04b6771b1a71c38529d1307
This library is expensive and getting info from it should be delegated
to service manager.
Test: showmap $(pidof credstore) # before and after
Bug: 280829178
Change-Id: I26524e2c519a869b4cd5bd44b16f92cc8e29f50d
These libraries are only used by this process on a device and gain no
benefit from being included as shared libraries.
Moving them to static saves disk space, memory, and cpu cycles from the
dynamic linker.
With 3 reboots before and after I'm seeing average savings of 419KB of
storage space from installed files, 84KB private dirty memory,
485KB PSS from libraries/binary only, and 496KB PSS from everything in showmap.
go/shared-to-static for more info on how this was determined.
Test: m
Bug: 280829178
Change-Id: Ib22870d3c291e3063872934a1431b0827d67833c
Now we'll get error codes bubbled up from rkpd (via the remote
provisioning system service). Convert those errors into meaningful
keystore errors so clients can act on them.
Test: keystore2_tests
Test: RkpdAppIntegrationTests
Test: CtsKeystoreTestCases:android.keystore.cts.KeyStoreExceptionTest
Bug: 264888027
Change-Id: Ib574fe4da0443f32f95f8579c4a308d36fe4b46f
On ubsan targets an overflow bug caused credstore to fail when
converting current time since the Epoch to milliseconds. Fix this by
using __builtin_mul_overflow(), which detects overflow, and bail out if
that happens. The error path is not going to get hit for another 292
million years, at which time credstore may or may not be around, but
better safe than sorry.
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Bug: 262860870
Bug: 262910256
Bug: 264728880
Bug: 264729215
Change-Id: I5efb036f078cae9e4e03406bbdf4ce66572ad716
Fixes:
- Revert to pre-RKPD behavior of getting an attestation key each time
a credential is created.
- Revert to pre-RKPD behavior of falling back to factory key.
- Check RKPD feature flag each time before calling into RKPD.
- Correct service name used to call into RKPD.
- Add another thread to handle async responses from RKPD.
- Switch to new RKPD build flag "remote_provisioning.enable_rkpd".
Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: Idc11abb3c0e46de1a77609969e8539e9e96549d5
This change adds support for specifying that an AuthKey should be
replaced if it's going to expire within a certain amount of time
configurable by the application. This also adds a way for the
application to learn about the expiration time of currently configured
AuthKeys.
Combined, these two changes allow an application to get a perfect
picture of which AuthKeys are available and when they expire, and allow
the application to refresh AuthKeys well ahead of expiration dates.
Also remove the check that storeStaticAuthenticationDataWithExpiration()
is only available on HAL version 3 and later (feature version 202101 and
later). This works on any HAL version.
Bug: 241912421
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Ic8274088035c31f73ad61645ee5e0281b3460837
This change uses new API in Identity Credential HAL version 5 and
later to obtain the mdoc ECDSA authentication signature and pass it to
the framework API.
Bug: 241912421
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I4bb8ba8c4a46a91791af9e0e48c81894d896a2d0
Properly encode a sessiontranscript from a P-256 EC public key, in
particular ensure that the resulting sessiontranscript, which includes a valid P-256 EC public key, is as expected.
Was able to reproduce this with about 1% failures running a test.
After the fix didn't get a failure in 1,000 runs.
This bug is similar to AOSP patch "identity: Fix uncompressed form encoding of P-256 EC Public Key."
Bug: 239857653
Test: atest --rerun-until-failure 1000 android.security.identity.cts.ReaderAuthTest#readerAuth
Change-Id: Id5ce46977cf3b6ce6c43beda657cd26b24969fe5
Call out to keystore and request remotely provisioned attestation keys.
This reduces our dependence on factory-provisioned attestation keys.
Test: CtsIdentityTestCases
Bug: 194696876
Change-Id: Ief07750ef6b2a465060c64207063568b9a51af68
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: Icdc0f41021c5f07ed349e0421179718f9db20e67
android.hardware.identity-V4-cpp depends on the keymint cpp lib, so
we need to also link to it to satisfy all the link-time dependencies.
Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: Id686ac33a4112880b205c5c612fd8b51d2715e3b
Also fix a bug so the same AuthKey is used for several getEntries()
calls on a credential. This matches the behavior in the Jetpack.
Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I344f44b5655f0977ee650b518ce669e3c8a7b47a
This allows for easier bumping of the KeyMint version level.
At the moment this change should have no effect: the same dependency
is used, just reached via a default rather than explicitly.
However, when the KeyMint version increases in the near future, using
this default should mean that no change is needed here: the default
definition will change to -V2 and this will be referenced here.
Test: TreeHugger
Change-Id: I8cce78e7f56179db23b2de792764ea2cae2d3cb7
The COSE spec requires exact sizes for signatures, so any leading zeros
(which indicate a positive integer) are removed. This causes BigInteger
to assume the input is negative if the leading byte is 0xff, and it strips
that byte off. This breaks conversion from COSE -> DER signatures.
Explicitly tell BigInteger the input is always positive (per the COSE
spec) so that it leaves leading 0xff alone.
Test: identity-credential-util-tests
Fixes: 201574298
Change-Id: Ib2e587964125ea15fedd8a6e3ddb2bc422c211e3
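The conversion described above, as an added example in C++ (not code from this change or from identity-credential-util): a COSE ES256 signature is the raw r || s pair with leading zeros stripped, so a half that starts with 0xff must get a 0x00 prefix when it is wrapped as a positive DER INTEGER. It assumes P-256 (32-byte halves); the sample signature is constructed, not a real one.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Encode an unsigned big-endian magnitude as a positive DER INTEGER.
// COSE strips leading zeros, so the first byte may be 0xff; DER then needs a
// 0x00 prefix to keep the value positive. Treating 0xff as a sign byte (what
// Java's BigInteger(byte[]) does) is exactly the bug the change above fixes.
static std::vector<uint8_t> derUnsignedInteger(const uint8_t* p, size_t n) {
    size_t i = 0;
    while (i + 1 < n && p[i] == 0x00) i++;   // drop redundant leading zeros
    std::vector<uint8_t> body(p + i, p + n);
    if (body[0] & 0x80) body.insert(body.begin(), 0x00);  // force positive sign
    // body is at most 33 bytes for P-256, so short-form length always suffices
    std::vector<uint8_t> out = {0x02, static_cast<uint8_t>(body.size())};
    out.insert(out.end(), body.begin(), body.end());
    return out;
}

// COSE ES256 signature: r || s, each exactly 32 bytes, no ASN.1 framing.
// Output: DER SEQUENCE { INTEGER r, INTEGER s } as used by X.509 / keystore.
std::vector<uint8_t> coseSigToDer(const std::vector<uint8_t>& cose) {
    if (cose.size() != 64) throw std::invalid_argument("expected 64-byte COSE ES256 signature");
    std::vector<uint8_t> r = derUnsignedInteger(cose.data(), 32);
    std::vector<uint8_t> s = derUnsignedInteger(cose.data() + 32, 32);
    // r and s are each <= 35 bytes encoded, so the SEQUENCE length is < 128
    std::vector<uint8_t> out = {0x30, static_cast<uint8_t>(r.size() + s.size())};
    out.insert(out.end(), r.begin(), r.end());
    out.insert(out.end(), s.begin(), s.end());
    return out;
}

// Constructed sample (not a real signature): r starts with 0xff to trigger the
// sign-byte case, s starts with zeros to show leading-zero stripping.
std::vector<uint8_t> sampleCoseSignature() {
    std::vector<uint8_t> sig(64, 0x11);
    sig[0] = 0xff;
    sig[32] = 0x00; sig[33] = 0x00; sig[34] = 0x7f;
    for (size_t i = 35; i < 64; i++) sig[i] = 0x22;
    return sig;
}

int main() {
    std::vector<uint8_t> der = coseSigToDer(sampleCoseSignature());
    // Expect 0x30 0x43, then 02 21 00 ff ..., then 02 1e 7f ...
    return (der.size() == 69 && der[4] == 0x00 && der[5] == 0xff) ? 0 : 1;
}
```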
These are mobile driving license helpers and constants for working with
the mDL application protocol.
Change-Id: I51a8845fad170cd596b92103a409ca94fc98d69c
Test: CtsIdentityTestCases
Test: IdCredSupportTests
We need these utilities for tools, and they may prove handy for
production code. Move them into system/security and flesh out the
unit tests.
Test: IdCredSupportTests
Change-Id: I18dd909e46aec5e315adb4358dc23088d70fa899
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: Ibeb4178f99857be75bb5f83a073a2d679058d921
This change replaces libcppbor with libcppbor_external as part of the
effort to remove the partial libcppbor copy that lives in
hardware/interfaces.
Bug: 182445123
Test: It builds
Change-Id: I9c96cdf807979ecf806c80edd3cec9c443294c22
Currently we're using file-specific tags which makes it hard for
people looking at logcat to infer it's actually from credstore and it
also complicates filtering. Just use "credstore" everywhere.
Also change logging level from ERROR to INFO in the message
"Registered binder service" which is logged on startup.
Bug: None
Test: Compiles + manual inspection via logcat
Test: atest android.security.identity.cts (on goldfish)
Change-Id: I336d1a4e4e10b87fd3f08a5046cf5e13f09c9cb6
This CL adds the fix for the credstore failure reported in b/183253539.
Bug: 183253539
Test: CtsVerifier's Identity Credential Authentication test
Test: atest android.security.identity.cts
Change-Id: I396f36a58d260e3e081ef8a94aaf64431d0ad484
This is a followup CL to address the last code review comment at:
aosp/1612458.
Test: N/A. This is only a change in the text of the error.
Change-Id: I5d5a040ee23ef20836633e296376c6e4bbfc0e47
The root of the problem is that in some cases credstore would
pass auth- and verification-tokens to the Identity Credential
HAL without first having obtained a challenge via
IIdentityCredential.createAuthChallenge(). This makes it
impossible for the TA to validate the verification token for
freshness.
This is easily fixed by simply ensuring createAuthChallenge()
is called (and the returned challenge is used in the requested
verification token) whenever dealing with ACPs using user
authentication.
Additional issues / changes:
- During Android 12 development, a use-after-free bug was
introduced in Credential.cpp L120.
- keystore's getTokensForCredstore() had some bugs in how to
select an auth-token, in particular mixing authTokenAgeMillis
(milliseconds) with time_t values (seconds)
- as a result, keystore would sometimes return tokens older
than what credstore requested. This wasn't actually a problem
because the TA would check it anyway.
- we now precisely define semantics in IKeystoreService.aidl
- Another potential use-after-free bug was found in
Credential.cpp L767
None of the fixes for these bugs affect CTS or VTS tests.
Bug: 181893400
Test: atest android.security.identity.cts on emulator
Test: atest android.security.identity.cts on crosshatch (w/ Android 11 era HAL)
Test: CtsVerifier's Identity Credential Authentication test crosshatch (w/ Android 11 era HAL)
Change-Id: I45a3fd16eff3b6a232d8b8c88f2e3dd3619a9c03
- Add Credential.proveOwnership()
- Add Credential.deleteWithChallenge()
- Add Credential.updateCredential()
- Add Credential.storeStaticAuthenticationDataWithExpirationDate()
- Store this on disk. For entries stored without this parameter
assume they never expire.
- Add allowUsingExpiredKeys to Credential.selectAuthKey() and
Credential.getEntries()
- Unless set to true, never select an expired key
- Introduce ERROR_NOT_SUPPORTED and return this if HAL does not
support operation
Bug: 170146643
Test: atest android.security.identity.cts
Change-Id: Ic5dafc6498c9c59b82942def9d348d974f008589
This fixes a bug in credstore where it only worked if a credential
used ACP ids starting at zero and upwards (i.e. no holes). This is not
a reasonable requirement, it just happened to be a bug which wasn't
triggered because all CTS tests use identifiers starting at 0 with
no holes.
This bug-fix is merged along with a new CTS test to check this bug no
longer exists.
Bug: 160966911
Test: atest android.security.identity.cts
Test: New CTS test testProvisionAcpIdNotStartingAtZero
Change-Id: I58595e6bf5f3ca3f82ebe9291fde54b7cf11e0dd