Update keystore2 to use libbinder_rs Strong<> and Weak<> references for
Binder objects rather than just Box<dyn Interface>.
Bug: 175584883
Test: atest keystore2_test
Change-Id: Ic234ce5ed007a265769a72043d77eb817a21b8ea

This patch connects the APC manager to the enforcement module and
ultimately to the operation, so that the confirmation token can be
delivered to operations that require it.
Also fix a bug in apc_compat.rs.
Test: CtsVerifier
Change-Id: I69b6b08b10f51d255c2d70da3a6354b04f0ce801

* Filter out invalid tags before passing them to the Keymaster device.
* Support negative timestamps for NOT_BEFORE/AFTER tags. Because the
Keystore CTS test wants to create historic certificates predating
Jan 1970.
Test: Keystore CTS tests.
Change-Id: I25a4440bf1318e9925f7a0c2ac481c29a56a412e

KeyMint adds some new enforceable features. We don't want to confuse the
legacy backends, so we already filter them from the input parameters.
As a result they won't be included in the output key characteristics, so
in this patch we identify them and add them back in.
Test: N/A
Change-Id: I1bc496eca7d79aa1bb6dc2cfa7f0b3821969b401

Also add signature padding only if algorithm RSA was selected and add
Digest::None as viably selectable digest.
Test: atest android.keystore.cts.KeyPairGeneratorTest#testGenerate_RSA_ModernSpec_UsableForTLSPeerAuth
Change-Id: I917afe345c96f4f13fe7afc9430e621b3ba567bf

Keystore 2.0 expects Keymint to perform key generation/import and
attestation in one operation. This means it passes all of the relevant
parameters to the generate/import functions. The legacy backends
might respond with an error if, say, an attestation parameter is passed
to generateKey. So this wrapper filters the parameters to not include
irrelevant parameters.
Test: Keystore CTS tests.
Change-Id: Ie002eb188e6ba2a47554c38b3225cdd9ce961136

SQLite2 seems to hold a shared mutex while running the busy handler when
waiting for the database file to become available. This makes it
impossible to successfully recover from a locked database when the
transaction holding the device busy is in the same process on a
different connection. As a result the busy handler has to time out and
fail in order to make progress.
This patch replaces the default busy handler with one that times out
immediately. In addition all database accesses have been moved into
retry loops that handle the busy error which can occur at any time, not
only during begin or commit of a transaction. This assures that no
sqlite3 internal mutexes are held while waiting for the database to
become available.
The database interface had to change slightly to assure that all
database manipulations can be replayed and no data is lost.
A test has been added that makes sure that the correct error is caught,
and another test was added that produces a lot of concurrent database
manipulations and would easily trigger database busy errors.
Test: keystore2_test
Change-Id: I8ce3e3159b2356ace2b9f0ebdf074bbabc6612af
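
The retry pattern this commit describes, as an added example that is not keystore2's code: the commit's Rust implementation is not shown here, so this uses Python's standard-library `sqlite3` module. `timeout=0` is the analogue of a busy handler that gives up immediately (sqlite returns SQLITE_BUSY straight away instead of spinning while holding its internal mutexes), and `with_transaction` replays a whole transaction closure from `BEGIN` whenever a busy error surfaces, whether at `BEGIN`, inside the transaction or at `COMMIT`. The table name, the retry delay and the attempt limit are constructed for the example; `demo` opens two connections in one process, the situation the commit says the default busy handler cannot recover from, and the second connection's transaction is replayed until the first one commits.

```python
import os
import sqlite3
import tempfile
import threading
import time

# Constructed parameters for this example, not keystore2's values.
RETRY_DELAY_S = 0.01
MAX_ATTEMPTS = 200


def is_busy(err: Exception) -> bool:
    """True for the busy/locked errors sqlite raises while another
    connection holds a conflicting lock."""
    return isinstance(err, sqlite3.OperationalError) and "locked" in str(err).lower()


def connect(path: str) -> sqlite3.Connection:
    # timeout=0: sqlite reports busy immediately instead of waiting in its own
    # busy handler. isolation_level=None is autocommit mode, so BEGIN/COMMIT
    # are issued explicitly below. check_same_thread=False only so the demo can
    # commit connection A from a timer thread.
    return sqlite3.connect(path, timeout=0, isolation_level=None, check_same_thread=False)


def with_transaction(conn: sqlite3.Connection, txn, max_attempts: int = MAX_ATTEMPTS):
    """Run txn(conn) inside an IMMEDIATE transaction, replaying the whole
    closure from BEGIN whenever sqlite reports busy at any point (BEGIN, a
    statement inside the transaction, or COMMIT). Returns (result, attempts).
    txn must be replayable: all of its effects must go through conn."""
    for attempt in range(1, max_attempts + 1):
        try:
            conn.execute("BEGIN IMMEDIATE")
        except sqlite3.OperationalError as err:
            if not is_busy(err):
                raise
            time.sleep(RETRY_DELAY_S)
            continue
        try:
            result = txn(conn)
            conn.execute("COMMIT")
            return result, attempt
        except sqlite3.OperationalError as err:
            conn.execute("ROLLBACK")  # discard partial work before replaying
            if not is_busy(err):
                raise
            time.sleep(RETRY_DELAY_S)
    raise RuntimeError(f"database still busy after {max_attempts} attempts")


def demo() -> dict:
    """Two connections in one process: A holds a write transaction while B
    first fails fast and then succeeds through the replay loop."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    a = connect(path)
    b = connect(path)
    try:
        a.execute("CREATE TABLE keyentry (id INTEGER PRIMARY KEY, alias TEXT)")
        a.execute("BEGIN IMMEDIATE")  # A takes the write lock and keeps it
        a.execute("INSERT INTO keyentry (alias) VALUES ('from_a')")

        # Without a retry loop B gets the busy error immediately; nothing blocks.
        try:
            b.execute("BEGIN IMMEDIATE")
            blocked = False
            b.execute("ROLLBACK")
        except sqlite3.OperationalError as err:
            blocked = is_busy(err)

        # Commit A from a timer so B's replay loop observes the database going
        # from busy to available while it is retrying.
        threading.Timer(0.05, lambda: a.execute("COMMIT")).start()

        def insert_b(conn: sqlite3.Connection) -> int:
            conn.execute("INSERT INTO keyentry (alias) VALUES ('from_b')")
            return conn.execute("SELECT count(*) FROM keyentry").fetchone()[0]

        count, attempts = with_transaction(b, insert_b)
        rows = [r[0] for r in b.execute("SELECT alias FROM keyentry ORDER BY id")]
        return {"blocked": blocked, "attempts": attempts, "count": count, "rows": rows}
    finally:
        a.close()
        b.close()
        os.unlink(path)
```

The replay requirement is the reason the commit mentions a changed database interface: everything a transaction closure does has to be expressible as work on the connection, so that rolling back and running the closure again from `BEGIN` loses nothing.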

Keystore no longer transitions to the database directory as its working
directory. This allows keystore to start before data is mounted.
Test: keystore starts, and starts early.
Change-Id: I98272fb0e97e8fe93eb87a657286681c78d28a60

This commit provides the tables and database access functionality that
will be needed by Keystore to implement its portion of remote
provisioning.
Test: atest keystore2_test
Change-Id: I5b79b1df2896387511759c0a6fadca80edf528fc

This commit adds the AIDL interface required to use remote provisioning,
as well as the implementation.
Test: tbd
Change-Id: I28ade347a00210f4bc3b74664873c2cf5221adb0

This change adds a uuid field to map keys to KM devices to the keyentry
table. For now, the security level reported by the KeyMint instance's
hardware info is used as uuid until the hardware info returns an
actual uuid. This security level may differ from the security level
requested by keystore clients in some situations, e.g., when running a
pure software implementation or on Chrome OS.
Test: atest keystore2_test
Change-Id: I4b9556804eb6a435ac48d5929fc238e22c23d94d

Allow storing certificates without keys.
Also allow deleting subcomponents by setting corresponding arguments to
None.
Test: KeyStore CTS and keystore2_test
Change-Id: Ie3c937941c6dd6d4a43cd86273cce4f0d7880ca6

Respect input consumed by KeyMint device and call update in a loop
until all input was consumed.
Test: Keystore CTS tests.
Change-Id: If7bcb019fe5f22d69e2d87d2ba56d597131e318c

We need a way to distinguish between tags that are enforced by KeyMint
with security level "SOFTWARE" and tags that are not enforced by
KeyMint but are expected to be enforced by KEYSTORE.
Test: VtsAidlKeyMintTargetTest
Change-Id: I8a88d661bca0125ee149276f6b9cb0017a1c9b12

The km compatibility test only makes sense on devices that actually have
legacy keymaster. With this patch we skip all the tests if no connection
can be established.
Test: keystore2_km_compat_test
Change-Id: I6cfd52a0410fe1b13f5df4be11d23ef4ea223296

Some of the permission tests only pass on cuttlefish because its
system_server is permissive. This fix makes them pass on real devices.
Test: keystore2_test
Change-Id: I3cca0cf7ca30276eb75fa1d86a9243ee65d3d588

Now using mostly KeyMint error codes and a safe conversion function.
Test: keystore2_km_compat_test_cpp
Change-Id: I43ec848a8ee5544fcc8e79a4af0690e45bc28095