tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
7455 commits 1 branch 0 tags 12 MiB
Commit graph

7455 commits

This branch
This branch
All branches
Author SHA1 Message Date
Shaquille Johnson
df83fb71d4 Use binder to get AIDL descriptor in Rust 
Using the binder object we can directly get names of interfaces
rather than hardcoding the strings. This allows for lookup to be easier.

Test: atest keystore2_test and atest CtsKeystoreTestCases
Bug: 249096262
Change-Id: I74bc696b860e2c08286b1d5175378e8d44728858
 2023-04-27 12:21:52 +00:00
David Drysdale
53e956493e Merge "Ensure RSA_OAEP_MGF_DIGEST tags are returned" 2023-04-25 12:05:57 +00:00
David Drysdale
bf00b4af0a Ensure RSA_OAEP_MGF_DIGEST tags are returned 
Test: CtsKeystorePerformanceTestCases with printf debugging
Bug: 278157584
Change-Id: I39a286fece2fa2e3637bb41e127bb79034434af1
 2023-04-24 18:17:34 +01:00
Shaquille Johnson
0e4338ea95 Merge "Connects to Keymint and gets version number" 2023-04-14 14:24:53 +00:00
Shaquille Johnson
8d67b75bc1 Connects to Keymint and gets version number 
Fix for regression in aosp/2453685, this gets the
version of keymint that is on the device.

Test: atest keystore2_test
Bug: 275589241 276396649
Change-Id: I2afe1472a0a4e3c4f81379c589833285bb228811
 2023-04-12 10:48:48 +01:00
Seth Moore
b0ba852a65 Merge "Remove dead stats interface for getting some atoms from keystore" 2023-04-03 17:27:08 +00:00
Seth Moore
1904440782 Remove dead stats interface for getting some atoms from keystore 
The RkpPoolStats atom has been moved from keystore2 into rkpd, so
we no longer need to query it from keystore2.

Bug: 268247931
Test: presubmit
Change-Id: I285011ed29183e3008310be248ddeb8b9668ac01
 2023-03-31 15:05:17 -07:00
Eran Messeri
4ec7585ff8 Merge "Keystore2: Batching listing of key entries" 2023-03-27 10:18:00 +00:00
Tri Vo
06eb7abb93 Merge "Revert^2 "Remove android.security.remoteprovisioning interfaces"" 2023-03-23 17:43:57 +00:00
Eran Messeri
24f3197c7f Keystore2: Batching listing of key entries 
Support for listing key entries in batches, so that a large number of
key entries, or entries with long key aliases, could be listed.

The list of key descriptors (which contain the key alias) is returned
to JCA from Keystore2 service via the Binder interface.
The size of a single Binder transaction is limited. Thus, we have run
into http://b/222287335 , where an app can create too many Keystore2
keys than can be returned in a single Binder transaction. Effectively,
this prevents the app from listing the keys it generated at all.

This is solved by adding a method to the Keystore2 interface for
obtaining all the key descriptors whose alias is past a given value
(with the intention that this value is the last key alias from the
previous batch). Keystore2 already limits the number of entries
returned to a number estimated to fit under the Binder transaction size
limit. Together, this enables callers to receive the list of key
descriptors in batches.

Additionally, add a method to Keystore2 to return the total number of
key entries by querying the DB for the number of rows, rather than count
the number of entries returned (which may be truncated).

Bug: 222287335
Test: atest KeystoreTests
Test: atest CtsKeystoreTestCases:android.keystore.cts.AndroidKeyStoreTest
Test: atest keystore2_test
Change-Id: I4a8efef2303beadd2cf6db992833d87bf58d7aec
 2023-03-21 09:35:33 +00:00
Tri Vo
128453ec87 Revert^2 "Remove android.security.remoteprovisioning interfaces" 
These interfaces are deprecated and replaced by
android.security.rkp_aidl ones.

Bug: 273325840
Change-Id: I6f561d7c332fc3cc5921453b5bd5938154b700d0
Test: m
 2023-03-20 19:38:04 +00:00
Ioana Alexandru
d788acd9d5 Merge "Revert "Remove android.security.remoteprovisioning interfaces"" 2023-03-20 17:13:02 +00:00
Ioana Alexandru
8c8feac745 Revert "Remove android.security.remoteprovisioning interfaces" 
This reverts commit 9fad346811.

Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_udc-d1-dev-plus-aosp-without-vendor&target=errorprone&lkgb=9769185&lkbb=9776170&fkbb=9771476, bug b/274209879

Change-Id: I210c4a47d76864c3c212b907eb875ef363c3beab
 2023-03-20 17:08:20 +00:00
Tri Vo
6987ceb93d Merge "Remove android.security.remoteprovisioning interfaces" 2023-03-17 19:19:53 +00:00
Victor Hsieh
93302519d4 Merge "Consolidate fs-verity wrapper in libfsverity_rs" 2023-03-17 15:30:40 +00:00
Victor Hsieh
506de61fa1 Consolidate fs-verity wrapper in libfsverity_rs 
Bug: 272587415
Test: m libfsverity_rs
Change-Id: I9370d4cf66b34b6b86fda60f22ea096ce038da07
 2023-03-15 13:34:47 -07:00
Tri Vo
9fad346811 Remove android.security.remoteprovisioning interfaces 
These interfaces are deprecated and replaced by
android.security.rkp_aidl ones.

Bug: 273325840
Test: m
Change-Id: I888ded721341ab6e6e89fe236c8fb0f7e6122b74
 2023-03-13 15:34:01 -07:00
Tri Vo
b736341e3e Merge changes I0049d5ba,I28ebc5a2 am: 180cf9d109 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2476009

Change-Id: I0f7146d6f813ac87fb64860edc42d568f492b4ad
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-10 01:57:37 +00:00
Tri Vo
180cf9d109 Merge changes I0049d5ba,I28ebc5a2 
* changes:
  identity: Replace RemotelyProvisionedKey with librkp_support
  Add helper library to get remotely provisioned key
 2023-03-10 01:34:15 +00:00
Seth Moore
aee3550d99 Merge "Fix CSR format for RKPv3" am: 7998ee1339 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2456195

Change-Id: I4ae1e65d8f91ff92b570b64fe9fed505a19a63a2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-10 01:16:19 +00:00
Seth Moore
7998ee1339 Merge "Fix CSR format for RKPv3" 2023-03-10 00:58:22 +00:00
Seth Moore
7fc83abf6e Fix CSR format for RKPv3 
The data format changed a bit, and the fingerprint needs to be included
at the end of the CSRv3 data. Make sure to include that, else the RKP
server rejects the payload.

Test: run tool + upload output
Test: rkp_factory_extraction_lib_test
Change-Id: I5a13b21e65c64f19b9417a7d1e169710867e7a8f
 2023-03-10 00:57:31 +00:00
Tri Vo
1054237787 identity: Replace RemotelyProvisionedKey with librkp_support 
Test: m credstore
Change-Id: I0049d5ba59936943336c7a531d1b022d4d64e4a6
 2023-03-09 16:09:23 -08:00
Tri Vo
a9ebcd24e1 Add helper library to get remotely provisioned key 
The code is mostly from credstore. The intention here is that we replace
that code with a common library.

Test: librkp_support_test
Change-Id: I28ebc5a253c037277dad6d39b761b4e8aa4347e8
 2023-03-09 16:09:03 -08:00
Treehugger Robot
e1b4ac967b Merge "Don't set /dev/hwrng to O_NONBLOCK" am: 94ad8ad990 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2480515

Change-Id: I03cd772bb81dd413ca9623f84d4c26fbfec8ba76
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-09 21:09:31 +00:00
Treehugger Robot
94ad8ad990 Merge "Don't set /dev/hwrng to O_NONBLOCK" 2023-03-09 20:01:54 +00:00
Paul Crowley
17885691e7 Don't set /dev/hwrng to O_NONBLOCK 
Reads on `tokio::fs::File` are expected to block, and are performed
inside a `spawn_blocking` call so that they don't block the reactor.

Bug: 268075535
Test: read from /dev/socket/prng_seeder 256 times
Change-Id: I009d1fb11b540412e705cc2be0ebc7e2f09d2c0c
 2023-03-09 17:51:58 +00:00
Treehugger Robot
5e20b3d6e9 Merge "Remove usage of slice_internals feature" am: 308b2c22f9 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2471760

Change-Id: I401c349bc2d9e6ba8a3dca219f90feb69d53d8b8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-08 22:11:28 +00:00
Treehugger Robot
308b2c22f9 Merge "Remove usage of slice_internals feature" 2023-03-08 21:38:01 +00:00
Treehugger Robot
db8cd61b3d Merge "rust: Defaulting --size_t-is-usize" am: cae809a87c 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2183566

Change-Id: I9c1c38ae76dd30ccbd11dbcf9bec27fa0d837b79
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-08 20:18:38 +00:00
Treehugger Robot
cae809a87c Merge "rust: Defaulting --size_t-is-usize" 2023-03-08 19:52:44 +00:00
Chris Wailes
bac435591f Remove usage of slice_internals feature 
This CL replaces the usage of the core::slice::memchr function with
calls to std::iter::position.

Test: m keystore2_unsafe_fuzzer
Test: TH
Bug: 267698452
Change-Id: I33cab09176d0ff02ce092e240e887ece98728915
 2023-03-08 10:21:06 -08:00
Shaquille Johnson
43adceefff Merge "Remove vintf aidl and replace with binder" am: 71e6c96283 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2453685

Change-Id: I52199b43c05b0707b49875fd61397bc639769e87
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-08 16:52:48 +00:00
Shaquille Johnson
71e6c96283 Merge "Remove vintf aidl and replace with binder" 2023-03-08 16:17:03 +00:00
Pete Bentley
e4c365660a Merge "Skip no-longer-supported signature/padding combinations." am: 340b1bc382 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2469824

Change-Id: Icae6c9fca06742af27b7f2775eca99d2e8334a95
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-08 14:02:33 +00:00
Shaquille Johnson
d4443c6fd4 Remove vintf aidl and replace with binder 
Aidl Instances can be gotten from the binder with
get_declared_instances.

Test: m keystore2 && m keystore2_unsafe_fuzzer
Change-Id: I36b4bdb8de6dd8abedf50d2026d1d841ce27c55d
 2023-03-08 13:46:19 +00:00
Pete Bentley
340b1bc382 Merge "Skip no-longer-supported signature/padding combinations." 2023-03-08 13:17:27 +00:00
Tri Vo
a4c77e4d0f Merge "keystore2: Remove remote provisioning logic" am: 59473cad8b 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2324713

Change-Id: I23425187b9a7f11fdf2ddb25a0c7e2d8c5bff2ee
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-07 22:57:50 +00:00
Tri Vo
59473cad8b Merge "keystore2: Remove remote provisioning logic" 2023-03-07 22:19:08 +00:00
Pete Bentley
1f59474e62 Skip no-longer-supported signature/padding combinations. 
Bug: 270297780
Test: atest keystore2_crypto_test
Change-Id: Ia47569e3ca1d78365b5e8f85c46e6e9da4b4fb18
 2023-03-07 14:36:41 +00:00
Tri Vo
75cb8a27ac Merge "identity: Remove IRemotelyProvisionedKeyPool usage" am: ee8042e346 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2411503

Change-Id: Id8014921e330976b38b358fb8dcac1697270f698
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-05 07:19:43 +00:00
Tri Vo
ee8042e346 Merge "identity: Remove IRemotelyProvisionedKeyPool usage" 2023-03-05 06:52:32 +00:00
Tri Vo
a1634bb643 keystore2: Remove remote provisioning logic 
keystore2 will always be using RKPD instead.

Bug: 261214100
Test: m keystore2 keystore2_test
Change-Id: Ibd27a8ae7d502e0fab2f728aa49175d28a6780b0
 2023-03-03 15:30:01 -08:00
Tri Vo
190a43b979 identity: Remove IRemotelyProvisionedKeyPool usage 
Test: m credstore
Change-Id: I5aa0a389083b28cb51dbd47297403b955104b8a6
 2023-03-03 15:26:16 -08:00
Treehugger Robot
5cbffbce97 Merge "[dice][refactor] Arrange sample_inputs library and tests in one place" am: d1a8e4f595 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2469043

Change-Id: I4defc921329edb099b4009b9a715c89df557890c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-03 17:56:59 +00:00
Treehugger Robot
59510e8f8d Merge "Change request for Rust v1.68.0" am: 73da35bd02 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2468820

Change-Id: Ibc6bb3d16582aad611385fec62d98fbe47872a6d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-03 17:54:54 +00:00
Alice Wang
63d11eabd7 Merge "[dice][refactor] Remove unused library libdiced_utils and tests" am: ed296c68bc 
Original change: https://android-review.googlesource.com/c/platform/system/security/+/2469042

Change-Id: I04b5271aa86d87d70d8b6d708b941b209717ac4c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
 2023-03-03 17:09:08 +00:00
Treehugger Robot
d1a8e4f595 Merge "[dice][refactor] Arrange sample_inputs library and tests in one place" 2023-03-03 16:39:08 +00:00
Treehugger Robot
73da35bd02 Merge "Change request for Rust v1.68.0" 2023-03-03 12:31:21 +00:00
Alice Wang
4a3c97c0ad [dice][refactor] Arrange sample_inputs library and tests in one place 
This cl arranges the source code of sample_inputs and its integration
test diced_open_dice_cbor_test in one place.

Bug: 268322533
Test: m microdroid_manager
Test: atest libdiced_sample_inputs.integration_test
Change-Id: I33831b20d719ab43d96b3affb8f478db42ca2739
 2023-03-03 12:15:22 +00:00