Since Android R, Parcel provides read/write methods for "@nullable"
values using std::optional.
Bug: 149784838
Test: m
Change-Id: I343841e690ed2d00548bb2ad623e07fa26823214
This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137
This commit replaces <cutils/log.h> and <utils/Log.h> with <log/log.h>.
Background:
<cutils/log.h> has been moved to <log/log.h> for a while. Both
<cutils/log.h> and <utils/Log.h> simply includes <log/log.h> for
backward compatibility. This commit is a part of the effort to remove
<cutils/log.h> and <utils/Log.h> from the source tree eventually.
Bug: 78370064
Test: lunch aosp_walleye-userdebug && cd system/security && mma
Change-Id: I798f06d78e2cc5cd197727c0bcdd05c87d769a90
Limit the size of the Application ID attestation vector _prior_ to
sending it for attestation by Keymaster.
Previously, the Attestation Application ID vector would be DER-encoded
to contain all packages belonging to the caller UID, and only then
truncated to the max value that could be sent to Keymaster (1K),
potentially resulting in malformed DER-encoded data.
This makes clients' lives hard, as they would have to deal with
malformed DER, and breaks CTS tests that expect to parse this field in
the attestation record, when the device has too many packages running on
the system UID.
This change limits the size of the DER-encoded vector that would be
passed into Keymaster by estimating the encoded size and refraining from
adding any more package information into it if it'd exceed 1K when
encoded.
Also, cope with PackageManager failure to provide the list of packages.
Merged-In: I39ab9338922f7be358d27e1b2dae5d0a36009109
Test: keystore_unit_tests (adb pushed to /data/local/tmp, then: LD_LIBRARY_PATH=/data/local/tmp /data/local/tmp/keystore_unit_tests)
Test: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Bug: 112179406
Bug: 112061724
Bug: 111260028
Change-Id: I0759a632fbf678814f6b1c258f0b2e2524edb85c
The version code is one of the fields included in the attestationApplicationId field
of the attestation record (tag 709).
It was converted to a 64-bit integer (returned by getLongVersionCode) in
Change-ID Ibfffe235bbfcf358b3741abd3f7197fdb063d3f3.
This broke the KeyAttestation test as the Signature array size (the 4 bytes
read after the 4 bytes that used to be the int32 indicating version code)
gets incorrectly read as zero, causing the omission of any signature info
in the attestation record produced.
This fixes the broken functionality by changing the field type in the native
code to int64_t, and the integer value in the attestation record to match.
Bug: 71021326
Test: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Change-Id: I5fe53eb75b544f307c0f419029735ca22fe2b595
The previous change to add support for attestation for system keys
broke attestation for non-system keys, causing keystore to segfault
and the CTS tests to fail.
Test: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Change-Id: I08d649755e78bb044157b44b30f1d13183447634
When key attestation is requested by the system context, indicate, in
the attestation record, that the requesting package is the system and
not a user app.
This is done by including a single package information with
"AndroidSystem" as the package name and an empty signature.
This change is needed because the package manager currently fails to
provide package details for the system context (UID 1000). Even if it did,
it would be too verbose and include irrelevant packages.
This is necessary for supporting key attestation for keys generated
directly by KeyChain.
Bug: 63388672
Test: Combined with CTS tests for the attestation feature.
Change-Id: I33492ad1286709fe94b11be77e94d4effdf7566f
Signatures, or rather the signing certificates must be the same
for all packages sharing a uid. This patch changes the
format of the attestation application id such that there is
only one set of certificate digests rather than one per package.
Change-Id: I8c37ac452bbe8ea299fa08de5034b8370e736f6c
This patch adds functionality for gathering an application id
for the attestation of a key that is bound to an application
in the keystore.
Keystore gathers the information package name, package version,
and signing certificates of the calling app from the package manager.
It then DER encodes the information and appends it to attestation
parameters.
Bug: 22914603
Change-Id: I9fe1d8f97ee1dfa79284bcf751f86631c94d4174
