Log an informational message when creating each of a user's super keys,
as these are significant events.
Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Flag: exempt, just adds a log message
Change-Id: I9d76a0ec06fae208412f4c6cf1b7dd739b023a61
Currently the UnlockedDeviceRequired super keys are created by
get_or_create_super_key(), while the AfterFirstUnlock super key is
created by separate code in init_user(). The super key creation code in
get_or_create_super_key() is generic enough to work for all super keys,
however. This CL factors this code out into a new function
create_super_key(), which a later CL will use for the AfterFirstUnlock
super key. No change in behavior.
Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Flag: exempt, mechanical refactoring
Change-Id: I88779273efef6cb925152381c07549e1f49daecf
This returns the time (from CLOCK_MONOTONIC_RAW) that the specified user
last authenticated using the given authenticator.
Bug: 303839446
Test: atest keystore2_client_tests
Change-Id: Idd4c477365ffa556b7985d1d926dfa554680ff28
1. Generate a key with application-data and use the generated key to
create an operation using the same application-data. Test should
create an operation successfully.
2. Generate a key with application-data and use the generated key to
create an operation using different application-data. Test should
fail to create an operation with `INVALID_KEY_BLOB` error code.
3. Generate a key with application-id and use the generated key to
create an operation using the same application-id. Test should
create an operation successfully.
4. Generate a key with application-id and use the generated key to
create an operation using different application-id. Test should
fail to create an operation with `INVALID_KEY_BLOB` error code.
5. Generate an attestation key without app-id and app-data. Test should
generate a new key with specifying app-id, app-data and using
previously generated attestation key. Test should be able to generate
a new key successfully.
6. Generate an attestation key with app-id and app-data. Test should try
to generate an attested key using previously generated attestation
key without specifying same app-id, app-data. Test should fail to
generate a new key with an error code `INVALID_KEY_BLOB`. It is an
oversight of the Keystore API that `APPLICATION_ID` and
`APPLICATION_DATA` tags cannot be provided to generateKey for
an attestation key that was generated with them.
Bug: 279721870
Test: atest keystore2_client_tests
Change-Id: I56fad4806c6d96c5994f4affdd7aa6620b1f1be8
* changes:
keystore2: rename the ScreenLockBound superencryption keys and type
keystore2: rename the LskfBound superencryption key and type
keystore2: rename values of UserState enum
Rename the ScreenLockBound superencryption keys and superencryption type
to UnlockedDeviceRequired. This avoids confusion about what "screen
lock bound" means and makes the terminology consistent with the
UnlockedDeviceRequired key parameter in the API.
Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Test: atest CtsKeystoreTestCases
Flag: exempt, mechanical refactoring and comment changes
Change-Id: I98f7716d05c06f8c6db0f3eb616fb6e780407c2d
Rename the LskfBound superencryption key and superencryption type (also
known as per-boot) to AfterFirstUnlock.
This makes it much clearer what the protection of this key is. This
includes avoiding the misleading use of "LSKF"; the secret that's
actually relevant is the user's synthetic password, which is most
commonly unlocked with the LSKF but can potentially be unlocked in other
ways. This is also helpful for the planned change to make the user's
super keys exist even while the user doesn't have an LSKF.
Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Test: atest CtsKeystoreTestCases
Flag: exempt, mechanical refactoring and comment changes
Change-Id: I9b16934f37222fef2bf01830f521928ef2c1853a
Rename UserState::LskfLocked to UserState::BeforeFirstUnlock, and
rename UserState::LskfUnlocked to UserState::AfterFirstUnlock.
This makes it much clearer what these states are. This includes
avoiding the misleading use of "LSKF"; the secret that's actually
relevant is the user's synthetic password, which is most commonly
unlocked with the LSKF but can potentially be unlocked in other ways.
This is also helpful for the planned change to make the user's super
keys exist even while the user doesn't have an LSKF.
Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Test: atest CtsKeystoreTestCases
Flag: exempt, mechanical refactoring and comment changes
Change-Id: I78f15e2165876951c98e22e577fc4c92a3602b3b
As early as fsverity_init, the flag can only be static (thus
is_fixed_read_only). It is now a constant/false and will be flipped
during the ramp up at build time.
Bug: 290064770
Test: mma
Test: Inspect the generated code
Change-Id: I4bd1addb996705f6e6b9f75313bf22b9ecd3e11c
* changes:
Adding tests to check unique id attestation.
Changes are made in keystore-client-tests to verify CREATION_DATETIME, ATTESTATION_CHALLENGE and ATTESTATION_APPLICATION_ID.
This function will be uses in several places for pVM
remote attestation.
Bug: 303807447
Test: atest libdiced_sample_inputs.integration_test \
libdiced_sample_inputs_nostd.integration_test
Change-Id: I6f45ff35c6e48eb42a32d28c1eb3e851859db655
Add code (adapted from system/keymint/common/src/keyblob/legacy.rs)
which parses keyblobs in the format produced by the previous C++
reference implementation of KeyMint.
Bug: 283077822
Bug: 296403357
Test: tested with ARC upgrade, see b/296403357
Change-Id: I519eed0ac968d5c2595f95609ffadede5d2d2677
When handling keyblob upgrade required, also watch out for an invalid
keyblob error that might indicate that a key used to be a
km_compat-wrapped Keymaster key.
In this situation, try stripping off the km_compat prefix and
attempt upgrade of the inner keyblob data instead.
Bug: 251426862
Bug: 283077822
Bug: 296403357
Test: tested with ARC upgrade, see b/296403357
Change-Id: I8539455e33ab2e1c97f26174476ee9d616269e74
IKeystoreMaintenance#getState() is no longer called, so remove it along
with the enum value for the GetState permission.
Bug: 296464083
Test: atest -p --include-subdirs system/security/keystore2
Change-Id: I9ec6cca78cd1eb899ac7adfc99fc5eee41dc7e44
1. Generate a key with `BOOTLOADER_ONLY` tag. Test should successfully
generate a key and verify the key characteristics. Test should fail
with error code `INVALID_KEY_BLOB` during creation of an operation
using this key.
2. Generate a key with `EARLY_BOOT_ONLY` tag. Test should successfully
generate a key and verify the key characteristics. Test should fail
with error code `EARLY_BOOT_ENDED` during creation of an operation
using this key.
3. Generate a key with `MAX_USES_PER_BOOT` tag. Test should successfully
generate a key and verify the key characteristics. Test should be
able to use the key successfully `MAX_USES_COUNT` times. After
exceeding key usage `MAX_USES_COUNT` times subsequent attempts to use
the key in test should fail with error code `MAX_OPS_EXCEEDED`.
4. Generate a key with `USAGE_COUNT_LIMIT` tag. Test should successfully
generate a key and verify the key characteristics. Test should be
able to use the key successfully `MAX_USES_COUNT` times. After
exceeding key usage `MAX_USES_COUNT` times subsequent attempts to use
the key in test should fail with error code `KEY_NOT_FOUND`. Test
should also check attest record for attested keys that
`USAGE_COUNT_LIMIT` is included in attest record.
Bug: 279721870
Test: atest keystore2_client_tests
Change-Id: I205964b571d92dc0fcbd11b1f6d45bc3aea7c050
USAGE_EXPIRE_DATETIME.
1. Tests will generate a key with current date and time set to
active-datetime and verify the key characteristics. Test will use
this key to create a sign operation successfully.
2. Test will generate a key with future date set to active-datetime and
verify the key characteristics. Test will fail with error code
`KEY_NOT_YET_VALID` while creating an operation using generated key.
3. Tests will generate a key with future date and time set to
origination-expire-datetime and verify the key characteristics. Test
will use this key to create a sign operation successfully.
4. Test will generate a key with current date and time set to
origination-expire-datetime and verify the key characteristics. Test
will fail with error code `KEY_EXPIRED` while creating an operation
using generated key.
5. Tests will generate a key with future date and time set to
usage-expire-datetime and verify the key characteristics. Test
will use this key to successfully verify the signature created using
this key.
6. Tests will generate a key with current date and time set to
usage-expire-datetime and verify the key characteristics. Test
will fail with error code `KEY_EXPIRED` while verifying the signature
created using this key.
7. Test will generate a AES key with future date and time set to
usage-expire-datetime and verify the key characteristics. Test
will perform encrypt and decrypt operations using this generated key
successfully.
8. Test will generate a AES key with current date and time set to
usage-expire-datetime and verify the key characteristics. Test
will fail with error code `KEY_EXPIRED` while creating Decrypt
operation using generated key.
Bug: 279721870
Test: atest keystore2_client_tests
Change-Id: I8a0865a6256a6da133e95d0ee8250ba67359a2a2
Making changes to use cpp backend generated by aidl_interface
build system for KeyAttestationApplicationProvider.
Removed custom parcelables defined for AAID.
Updated the tests to use the aidl_interface generated bindings.
Bug: 267452060
Test: atest android.keystore.cts.KeyAttestationTest; atest
keystore_unit_tests; keystoreSignature_fuzzer;
keystorePackageInfo_fuzzer; keystoreApplicationId_fuzzer;
keystoreAttestationId_fuzzer
Change-Id: Ibdfb8e2837538d01a04b6771b1a71c38529d1307
WAL mode allows db connections to open when the disk
is full. This is done in the current and legacy db and
tested manually by the commandline.
Testing: Filled a file with empty values until it took up all the space on the disk then accessed the database. This was not possible with this mode disabled but was once I enabled it on a new flash
Bug: 191777960
Test: atest keystore2_test and atest CtsKeystoreTestCases, filled real device to full and tested
Change-Id: Ic1a45fd635168061a6c5489a42a67cb59d3ddc6a