Commit graph

60 commits

Author SHA1 Message Date
Rob Barnes
3af223fde0 Allow for input_data on finish.
Test: Keystore CTS tests

Change-Id: I22e69079e3ad5462ded2c7b71274c29ba5ef58d0
2019-11-14 16:43:12 -07:00
Steven Moreland
de99a52dc4 Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I940228446b6f5b747399b408ad9af652ac618fda
2019-09-05 14:18:17 -07:00
David Benjamin
dc4d142303 Replace custom BoringSSL scopers with bssl::UniquePtr.
BoringSSL already provides C++ scopers.

Test: mma
Change-Id: I34d4ec36fc0b51750560be0886768a83fe69fbf5
2019-08-08 13:13:54 -04:00
Janis Danisevskis
61aea51375 keystore_backend_binder: fix misinterpretation of getKeyCharacteristics return value.
The keystore backend used by racoon interprets the return value of
getKeyCharacteristics such that it thinks that it failed when it didn't.

Test: Initiate VPN connection with racoon.
Bug: 120024003
Change-Id: Ibe936a2d2d81181c10f0dd1075cc5ab3646f736e
2019-03-13 14:34:06 -07:00
Treehugger Robot
538a4e789e Merge "C++17 is now the default." 2018-12-05 20:41:50 +00:00
Elliott Hughes
9db4be105a C++17 is now the default.
Test: builds
Change-Id: Ibd6569c25f4ddfed3fd0cec771fba72cd5b9bd14
2018-12-04 13:06:50 -08:00
Branden Archer
7cb02e3c8e Use stream operator to report result code
The cast operator for KeyStoreNativeReturnCode and
KeyStoreNativeReturnCode will be removed later.
There already exists a stream operator to get
at the underlying value. Use that instead.

Bug: 119771891
Test: Built for walleye successfully, basic operations with
      keystore_cli_v2 tool work correctly.
Change-Id: I357e0582841b1deadbffd59bb49b5ae8542c9aee
2018-11-21 13:45:19 -08:00
Dan Willemsen
8bb8464d12 Convert keystore-engine to Android.bp
See build/soong/README.md for more information

Test: cd system/security/keystore-engine; mma
Change-Id: I7ca61f05581aec723e9404c63b45ceb8180938f2
2018-11-16 19:14:53 -08:00
Janis Danisevskis
ba2985a435 Fix keystore_backend_binder
Since the keystore AIDL interface became asynchronous we need a thread to handle the
callbacks.

With this patch keystore_backend_binder starts a thread pool when a
backend is created.

Also change keystore_cli_v2 to use startThreadPool instead of starting a
binder thread explicitely.

Bug: 111443219
Change-Id: Ic5b19d95f51a24d823825d5874ec85eeabd9ef5f
2018-11-15 16:24:10 -08:00
Rob Barnes
bb6cabdaa1 Multi-threaded keystore
This patches changes the keystore to use the asychronous api model for
begin, update, finish, and abort.

Also removes unused class KeystoreArguments (aidl and implementation).

Test: Keystore CTS tests
Bug: 111443219

Change-Id: Icc6def9ff6dbe32193272d7d015079a006ebc430
2018-11-14 14:01:45 -08:00
Janis Danisevskis
e5a09aac43 Remove legacy functions from IKeystoreService.aidl
In preparation for making the keystore service asynchronous we remove
redundant legacy functionality from the protocol.

This patch removes the functions get_pubkey, sign, verify, generate,
and import_key. Which have long been superseded by exportKey
(get_pubkey), begin/update/finish (sign, verify), generateKey
(generate), and importKey (import_key).

This patch also removes the implementations of these functions from
key_store_service and updates keystore-engine which still used the
legacy functionality.

It also remove the call isOperationAuthorized which was unused.

Test: Keystore CTS tests
Bug: 109769728
Change-Id: I0de359b3e43fd72faa9d1511f84b7c024968c884
2018-10-31 14:31:26 -07:00
Logan Chien
cdc813f782 Deprecate <cutils/log.h> and <utils/Log.h>
This commit replaces <cutils/log.h> and <utils/Log.h> with <log/log.h>.

Background:
<cutils/log.h> has been moved to <log/log.h> for a while.  Both
<cutils/log.h> and <utils/Log.h> simply includes <log/log.h> for
backward compatibility.  This commit is a part of the effort to remove
<cutils/log.h> and <utils/Log.h> from the source tree eventually.

Bug: 78370064
Test: lunch aosp_walleye-userdebug && cd system/security && mma
Change-Id: I798f06d78e2cc5cd197727c0bcdd05c87d769a90
2018-09-19 13:38:34 +08:00
Yi Kong
e353f25791 Modernize codebase by replacing NULL with nullptr
Fixes -Wzero-as-null-pointer-constant warning.

Test: m
Bug: 68236239
Change-Id: I41cd58617d6df6de7942a541fb6dc9519c70bef0
2018-07-30 01:40:01 -07:00
David Benjamin
8bc0be07d6 Merge "Remove RSA_FLAG_CACHE_PUBLIC." am: 6ec80146e5 am: de77a0910b
am: da0d915dfe

Change-Id: I44c48b7c8d6060ecf7c98c113fe3d29f95dddbf9
2017-12-18 15:59:56 +00:00
David Benjamin
48d2ea912e Remove RSA_FLAG_CACHE_PUBLIC.
This flag hasn't done anything in BoringSSL since March 2016.

Test: mma
Change-Id: I3972d7c006daa4370772363d7debf64b0c9713da
2017-12-15 18:37:02 -05:00
Dmitry Dementyev
ab8aa1c0a6 Make libkeystore_aidl shared and export to PDK.
Bug: 69539820
Test: manual

Change-Id: I6b8e8543b89245062790443f1e8b759418f7c162
2017-11-29 14:07:22 -08:00
Dmitry Dementyev
a447b3c9af Get rid of manually created IKeystoreService.
Generated IKeystoreService has different signature, which required lots
of refactoring.
After update methods relevant data using last parameter.
Test: cts-tradefed run cts -m CtsKeystoreTestCases
Bug: 68389643

Change-Id: I0ca36a2e9e007143a3b403b306a8f979ee98b232
2017-11-16 18:35:51 -08:00
Robert Sloan
a786d0becd Merge "Switch *_METHOD to a more future-proof pattern."
am: f3147f209c

Change-Id: I68777f100f68cfdcf36d9a79b0c72433764cc429
2017-09-20 16:25:58 +00:00
Robert Sloan
29f72ecdfd Switch *_METHOD to a more future-proof pattern.
This matches the other uses in Android and would have avoided
https://android-review.googlesource.com/c/423260/.

(cherry-picked from 472d59a651 on git_master)

Test: mma
Change-Id: I81f6092ab50ff408a48f18bcbca2a50cf9717ca6
2017-09-20 01:47:57 +00:00
Robert Sloan
472d59a651 Switch *_METHOD to a more future-proof pattern.
This merges go/aog/424219 into master (unfortunately, the
implementations are meaningfully different).

This matches the other uses in Android and would have avoided
https://android-review.googlesource.com/c/423260/.

Test: mma
Change-Id: I81f6092ab50ff408a48f18bcbca2a50cf9717ca6
2017-07-14 12:39:37 -07:00
Rob Sloan
ae9fa426cb Merge "Update BoringSSL structs in keystore-engine." am: 975e1aae69 am: 78505bae4c
am: 7d6eedfc47

Change-Id: Ib22db541b587fdde996d51660eb6f21e19875c13
2017-06-27 17:45:37 +00:00
Rob Sloan
78505bae4c Merge "Update BoringSSL structs in keystore-engine."
am: 975e1aae69

Change-Id: I4cd2a30d7281476eb30083dc04187784f8dad445
2017-06-27 17:38:12 +00:00
Robert Sloan
0a7e807721 Update BoringSSL structs in keystore-engine.
Test: None yet.
Change-Id: I61fef8270a7fce9e891cbb64cfdf082adf630921
2017-06-26 12:42:55 -07:00
Janis Danisevskis
ccfff10f66 Remove use of UniquePtr from keystore
Remove UniquePtr from keystore in favour of std::unique_ptr

Change-Id: I8e02adab4326028e26dbf59ac836679abe2a40de
2017-05-01 12:34:46 -07:00
Jiyong Park
ecb258e775 fix: wifi doesn't work on the generic system image
libkeystore-wifi-hidl and libkeystore-engine-wifi-hidl are required by
/vendor/bin/hw/wpa_supplicant. They are installed to /system partition.
This does not cause any problem as long as both /system and /vendor
partitions are built for the same target product, as we do for most of
our products.

However, it becomes a problem when we build only the /system partition
for the generic AOSP system.img. In that case, the libs are not
installed to the partition since we don't build vendor image for the
target and thus wpa_supplicant (and its dependencies as well) aren't
on the list of dmoules to be built/installed.

Moving them to vendor partition by adding LOCAL_VENDOR_MODULE := true
solves the problem.

Bug: 37126829
Test: basic functionalities of wifi work on marlin/sailfish with
system.img built from aosp_arm64_ab.

Change-Id: I783756a5848786b15c1f227f06a1ee2e291d3ce9
2017-04-11 09:12:00 +09:00
Steven Moreland
4cb6f38017 Fix transitive include.
Was relying on include from MQDescriptor.h

Test: pass
Change-Id: Ic3f24fea3875ed1f598b18e4a1fa05c226a86037
2017-04-06 12:41:59 -07:00
Roshan Pius
30b220e734 keystore-engine: Couple of bug fixes for HIDL keystore
Fixes for issues found in wifi integration tests:
1. ensure_keystore_engine() needs to be invoked before we access
|g_keystore_backend|.
2. The HIDL backends need to return 0 when the operation succeeds.

Bug: 34603782
Test: Manual tests.
Change-Id: If61d3bef27dab6f4fb73113f0ed6d3e784a29f32
2017-04-03 13:50:00 -07:00
Roshan Pius
e653c93db1 keystore: Run Wifi keystore HAL in keystore daemon
The wifi keystore hal will run in the context of the main keystore
daemon.

Also,
Use the new IKeystore::tryGetService() for retrieveing the HAL service.

Bug: 34603782
Test: Able to connect to wifi passpoint networks.

Change-Id: I1436ea83166e5ad17372d98b0fd699c0dd732a11
2017-03-30 13:04:46 -07:00
Paul Stewart
bf7fc8df76 Add a HIDL-based keystore_get variant
Create a "keystore_get" library that uses the HIDL path insted
of using binder directly.

Bug: 34603782
Test: Able to connect to wifi passpoint networks.
Change-Id: I0f545ea104e3f27bebd262bc5a2e79f6b517c972
2017-03-29 11:29:43 -07:00
Paul Stewart
657356c169 Add HIDL backend to keystore service
This CL adds variants of the public key retrieval and signing
routine which use the WiFi Keystore HIDL for the backend.
The Android.mk has been modified to build a second variant of
the library to expose this HIDL backend.  While here, add
guards to all headers.

Bug: 34603782
Test: Able to connect to wifi passpoint networks.
Change-Id: I444ef383e4d3fdabc10c3e44c1bae9747613c8cf
2017-03-29 11:29:43 -07:00
Paul Stewart
ac0ffbf62c Separate the binder backend from android_engine
Create a pure virtual class "KeystoreBackend" which supplies the
crypto methods used by android_engine.  Create a KestoreBackendBinder
class which implements the binder backend as a no-op change that
will allow future backends to be added.

Bug: 34603782
Test: Compiles
Change-Id: I16620aba569bd53290145b2b30242c4888106d0a
2017-03-29 11:29:40 -07:00
Janis Danisevskis
c7a9fa29c1 Port to binderized keymaster HAL
This patch ports keystore to the HIDL based binderized keymaster HAL.
Keystore has no more dependencies on legacy keymaster headers, and
therefore data structures, constant declarations, or enums. All
keymaster related data structures and enums used by keystore are the
once defined by the HIDL based keymaster HAL definition.  In the process
of porting, keystore underwent some changes:

* Keystore got a new implementation of AuthorizationSet that is fully
  based on the new HIDL data structures. Key parameters are now either
  organised as AuthorizationSets or hidl_vec<KeyParameter>.  (Formerly,
  this was a mixture of keymaster's AuthorizationSet,
  std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.)  The
  former is used for memory management and provides algorithms for
  assembling, joining, and subtracting sets of parameters.  The latter
  is used as wire format for the HAL IPC; it can wrap the memory owned
  by an AuthorizationSet for this purpose.  The AuthorizationSet is
  accompanied by a new implementation of type safe functions for
  creating and accessing tagged key parameters,
  Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service
  response codes. Keystore has two sets of error codes.  ErrorCode
  errors are less than 0 and use 0 as success value.  ResponseCode
  errors are greater than zero and use 1 as success value.  This patch
  changes ResponseCode to be an enum class so that is no longer
  assignable to int without a cast. The new return type can only be
  initialized by ResponseCode or ErrorCode and when accessed as int32_t,
  which happens on serialization when the response is send to a client,
  the success values are coalesced onto 1 as expected by the
  clients. KSSreturnCode is also comparable to ResponseCode and
  ErrorCode, and the predicate isOk() returns true if it was initialized
  with either ErrorCode::OK (0) or ReponseCode::NO_ERROR (1).
* A bug was fixed, that caused the keystore verify function to return
  success, regardless of the input, internal errors, or lack of
  permissions.
* The marshalling code in IKeystoreService.cpp was rewritten.  For data
  structures that are known to keymaster, the client facing side of
  keystore uses HIDL based data structures as (target) source
  for (un)marshaling to avoid further conversion.  hidl_vecs are used to
  wrap parcel memory without copying and taking ownership where
  possible.
* Explicit use of malloc is reduced (malloc was required by the C nature
  of the old HAL).  The new implementations avoid explicit use of
  malloc/new and waive the use of pointers for return values. Instead,
  functions return by value objects that take ownership of secondary
  memory allocations where required.

Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts

Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
2017-01-23 08:30:49 -07:00
Kenny Root
ddf4742f09 Remove OpenSSL support
Only BoringSSL is supported anymore. The OpenSSL code is not tested.

Test: make -j32
Bug: 31464605
Change-Id: I6394bcf71f9e0b17bd8cbb50f6868df03aa00780
2016-09-16 12:40:13 -07:00
Chih-Hung Hsieh
26275ad6ba Fix misc-macro-parentheses warnings.
Add parentheses around macro arguments used beside binary operators.

Bug: 28705665
Change-Id: I4ea2db63c18e40dabc10d42bfa5c936a71d6c628
2016-05-11 14:26:35 -07:00
David Benjamin
30c77521ca Remove RSA_FLAG_EXT_PKEY from android_engine.cpp.
RSA_FLAG_EXT_PKEY, despite the name, is only about calling the RSA_METHOD's
mod_exp hook while reusing the rest of the RSA_private_transform logic. This
code doesn't provide mod_exp and instead overrides private_transform, so the
flag is a no-op.
2016-03-28 18:06:31 -04:00
Adam Langley
862cf6af40 system/security: remove BORINGSSL_201509 support.
The BORINGSSL_201509 define was used to make updating BoringSSL in
external/boringssl less painful. It allowed code to compile with either
the old BoringSSL (which didn't define BORINGSSL_201509) or with the new
(which does).

Now that the new version has landed, this change removes that support.

Change-Id: I19e661419f830459d015bf14e7905af2ec41b735
2015-09-30 15:06:45 -07:00
Adam Langley
9eb9295d78 Prepare for BoringSSL update.
This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.

Change-Id: I3d09b5644661353723803bcbda937d34455849a5
2015-09-02 15:37:27 -07:00
Kenny Root
dcca0516dd keystore-engine: comment out unused args
This fixes the build when -Werror -Wunused-parameter is enabled in the
compiler options.

Change-Id: I4581492c23885de8d31d2e66483ee281c0045c58
2015-04-18 11:23:35 -07:00
Kenny Root
de7d73463f keystore-engine: Restore module path
The module relative path was accidentally erased when BoringSSL
compatibility was added. This restores the path so that WiFi with
keystore-backed credentials works again (among other things).

Bug: 19680487
Change-Id: Iee7c13d7b60d93f1520886e90ec23875bd52ab9a
2015-03-11 12:07:14 -07:00
Kenny Root
4e28857446 Merge "Remove superfluous OpenSSL include paths." 2015-01-30 19:15:35 +00:00
Adam Langley
72b2bfb942 Remove superfluous OpenSSL include paths.
The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.

Change-Id: I53fed0932b9f15b273880810cf38a03ecf6dc274
2015-01-26 11:04:17 -08:00
Elliott Hughes
a045ed6908 Add missing include.
Change-Id: Ib49de848de49e3a4304b333d8c17d03299c048ba
2015-01-24 20:26:00 -08:00
Adam Langley
b2747fedfb system/security: sync with latest BoringSSL.
This change allows system/security to build with the latest BoringSSL.

1) RSA methods have gained a function pointer, |supports_digest|, which
   allows methods to indicate that they only support certain hash
   functions via the high-level interface.

2) EC_GROUP_set_point_conversion_form has been removed (it was
   previously a no-op).

Change-Id: I590094d8904f418cfd6baf064ac9799525fbc09e
2014-12-11 17:21:47 -08:00
Adam Langley
1fb05838c4 Add ENGINE for BoringSSL.
This change adds a new ENGINE implementation for BoringSSL. It's a no-op
until external/openssl is switched to BoringSSL.

BoringSSL's ENGINEs are very different from OpenSSL's (and very much
smaller). Thus this change adds replacement code that is conditionally
compiled when BoringSSL is used.

Rather than building a .so that is put in a special directory and loaded
by OpenSSL dymanically, the code becomes a normal library that exports a
single function: EVP_PKEY_from_keystore. All the |ENGINE_load| etc
functions that callers previously needed become moot with BoringSSL.

Bug: 17409664
Change-Id: I8b5ba255f86ec5d0f28994358dc0f0b516f0af40
2014-09-29 13:20:27 -07:00
Colin Cross
20e90ad94a keystore: fix errors inside ALOGV
Fix errors exposed by adding compile-time checking to disabled ALOGVs.

Change-Id: I42752d163bebe841d21f5feb8909a9e5017d74d1
2014-02-06 20:38:48 -08:00
Colin Cross
3d2f4fd026 system/security: convert LOCAL_MODULE_PATH to LOCAL_MODULE_RELATIVE_PATH
LOCAL_MODULE_PATH doesn't work for multiarch builds, replace it
with LOCAL_MODULE_RELATIVE_PATH.

Change-Id: I4e4ceec61d026bbe74ba604554c06104bde42e5e
2014-01-24 21:00:32 -08:00
Kenny Root
26cfc08add Use canonical UniquePtr.h header
Change-Id: Iab1dc428c2330a07a5944a1cfbb25c8134b11950
2013-09-11 14:38:56 -07:00
Kenny Root
77acaa0d42 Revert to old-style API for EC_KEY handling
Nothing using the EVP_PKEY correctly, so we should revert to the EC_KEY
and ECDSA interfaces. Unfortunately, the SSL client certificate library
uses EC_KEY directly, so just having the EVP_PKEY interface doesn't
work.

Remove the EVP_PKEY interface entirely because it just adds complexity
since the EC_KEY path will do the same thing.

(cherry picked from commit 47041552bd)

Bug: 10655329
Change-Id: Ibf8c36780fe93284b88e91b7860baf1b951b4266
2013-09-10 10:39:43 -07:00
Kenny Root
6071179a37 Add support for DSA and ECDSA key types
Change-Id: Ibee8d172eeb36f1a2e2ce62f275aea55ada5bcbf
2013-08-30 17:25:20 -07:00
Kenny Root
9d422a535c Revert "Revert "Split up main engine from methods""
Added missing Android.mk change in this commit.

This reverts commit 1fcabcd327.

Change-Id: I71e7fbc8f80a35b4666af985cffb4e7a2eb5634f
2013-06-27 09:15:49 -07:00