Commit graph

26 commits

Author SHA1 Message Date
Max Bires
5bb33f4638 Changing libcppbor dependency
This change replaces libcppbor with libcppbor_external as part of the
effort to remove the partial libcppbor copy that lives in
hardware/interfaces.

Bug: 182445123
Test: It builds
Change-Id: I9c96cdf807979ecf806c80edd3cec9c443294c22
2021-04-05 17:51:43 -07:00
David Zeuthen
62d43bf7cb identity: Use "credstore" for LOG_TAG everywhere.
Currently we're using file-specific tags which makes it hard for
people looking at logcat to infer it's actually from credstore and it
also complicates filtering. Just use "credstore" everywhere.

Also change logging level from ERROR to INFO in the message
"Registered binder service" which is logged on startup.

Bug: None
Test: Compiles + manual inspection via logcat
Test: atest android.security.identity.cts (on goldfish)
Change-Id: I336d1a4e4e10b87fd3f08a5046cf5e13f09c9cb6
2021-03-31 10:46:42 -04:00
David Zeuthen
6eda4846ec Merge changes from topic "identity-add-presubmit"
* changes:
  keystore2: Also run CtsIdentityTestCases on presubmit.
  identity: add TEST_MAPPING file to run identity CTS in presubmit.
2021-03-31 13:27:03 +00:00
David Zeuthen
74aad63ada identity: add TEST_MAPPING file to run identity CTS in presubmit.
Bug: None
Test: N/A
Change-Id: I97399c492fca2d3602792b149246e9e817179810
2021-03-23 12:10:06 -04:00
Hasini Gunasinghe
4b462a511a Fix bug where credstore is immediately exiting.
This CL adds the fix for the credstore failure reported in b/183253539.

Bug: 183253539
Test: CtsVerifier's Identity Credential Authentication test
Test: atest android.security.identity.cts
Change-Id: I396f36a58d260e3e081ef8a94aaf64431d0ad484
2021-03-22 21:05:39 +00:00
Hasini Gunasinghe
8c9853fc2c Credstore: Remove dependency to keystore1.
This CL removes dependency to keystore1 from credstore.

Test: yet to be tested.
Change-Id: I75934d1154d955aca3ea0cd0651690f68c6a8b55
2021-03-19 10:13:34 -07:00
Janis Danisevskis
4c2b041a32 Keystore 2.0: Start keystore2 unconditionally.
Bug: 170144267
Test: N/A
Merged-In: Ia942a494c2af96a55d83a2495f4e5fba9eb77dff
Change-Id: Ia942a494c2af96a55d83a2495f4e5fba9eb77dff
2021-03-17 08:17:12 -07:00
Hasini Gunasinghe
984c630e3f Fix the text of the error message, in the case of service specific error
This is a followup CL to address the last code review comment at:
aosp/1612458.

Test: N/A. This is only a change in the text of the error.

Change-Id: I5d5a040ee23ef20836633e296376c6e4bbfc0e47
2021-03-15 17:34:22 +00:00
Hasini Gunasinghe
1b531b91c0 Integrate getAuthTokensForCredStore method with credstore.
Bug: 159341610
Test: CtsVerifier

Change-Id: Ia2b7f1a27a05e92c7b5bb5da14caa423a70ac15b
2021-03-12 20:25:31 +00:00
David Zeuthen
27407a5743 credstore: Fix several problems with credstore.
The root of the problem is that in some cases credstore would
pass auth- and verification-tokens to the Identity Credential
HAL without first having obtained a challenge via
IIdentityCredential.createAuthChallenge(). This makes it
impossible for the TA to validate the verification token for
freshness.

This is easily fixed by simply ensuring createAuthChallenge()
is called (and the returned challenge is used in the requested
verification token) whenever dealing with ACPs using user
authentication.

Additional issues / changes:

 - During Android 12 development, an use-after-free bug was
   introduced in Credential.cpp L120.

 - keystore's getTokensForCredstore() had some bugs in how to
   select an auth-token, in particular mixing authTokenAgeMillis
   (milliseconds) with time_t values (seconds)
   - as a result, keystore would sometimes return tokens older
     than what credstore requested. This wasn't actually problem
      because the TA would check it anyway.
   - we now precisely define semantics in IKeystoreService.aidl

 - Another potential use-after-free bug was found in
   Credential.cpp L767

None of the fixes for these bugs affect CTS or VTS tests.

Bug: 181893400
Test: atest android.security.identity.cts on emulator
Test: atest android.security.identity.cts on crosshatch (w/ Android 11 era HAL)
Test: CtsVerifier's Identity Credential Authentication test crosshatch (w/ Android 11 era HAL)
Change-Id: I45a3fd16eff3b6a232d8b8c88f2e3dd3619a9c03
2021-03-08 11:10:28 -05:00
Bob Badour
4c7858c848 [LSC] Add LOCAL_LICENSE_KINDS to system/security
Added SPDX-license-identifier-Apache-2.0 to:
  fsverity_init/Android.bp
  identity/Android.bp
  keystore/tests/Android.bp
  keystore2/Android.bp
  keystore2/aaid/Android.bp
  keystore2/aidl/Android.bp
  keystore2/apc_compat/Android.bp
  keystore2/selinux/Android.bp
  keystore2/src/crypto/Android.bp
  keystore2/src/km_compat/Android.bp
  ondevice-signing/Android.bp
  provisioner/Android.bp

Added SPDX-license-identifier-Apache-2.0 SPDX-license-identifier-BSD to:
  Android.bp
  keystore/Android.bp

Added SPDX-license-identifier-BSD to:
  keystore-engine/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all

Exempt-From-Owner-Approval: janitorial work
Change-Id: Ic9e19695bd19c3f127dfd545df60e4c9df89af77
2021-02-14 10:37:25 -08:00
Jeongik Cha
98a5d095fa Specify version for aidl_interface explicitly
Bug: 150578172
Test: m
Change-Id: I5101d318c40268af8b8965910c0ff9d621f96740
2021-01-27 07:38:28 +09:00
David Zeuthen
472e6c8e18 Credstore changes for Android 12
- Add Credential.proveOwership()
- Add Credential.deleteWithChallenge()
- Add Credential.updateCredential()
- Add Credential.storeStaticAuthenticationDataWithExpirationDate()
  - Store this on disk. For entries stored without this parameter
    assume they never expire.
- Add allowUsingExpiredKeys to Credential.selectAuthKey() and
  Credential.getEntries()
  - Unless set to true, never select an expired key
- Introduce ERROR_NOT_SUPPORTED and return this if HAL does not
  support operation

Bug: 170146643
Test: atest android.security.identity.cts
Change-Id: Ic5dafc6498c9c59b82942def9d348d974f008589
2021-01-22 18:37:03 -05:00
David Zeuthen
5263000348 credstore: Don't require credentials to use ACP ids starting at 0.
This fixes a bug in credstore where it only worked if a credential
used ACP ids starting at zero and upwards (e.g. no holes). This is not
a reasonable requirement, it just happened to be a bug which wasn't
triggered because all CTS tests uses identifiers starting at 0 with
no holes.

This bug-fix is merged along with a new CTS test to check this bug no
longer exists.

Bug: 160966911
Test: atest android.security.identity.cts
Test: New CTS test testProvisionAcpIdNotStartingAtZero
Change-Id: I58595e6bf5f3ca3f82ebe9291fde54b7cf11e0dd
2020-07-10 14:14:52 -04:00
Yi Kong
1bdb61e5fa Fix incorrect use of TEMP_FAILURE_RETRY
TEMP_FAILURE_RETRY expects an argument that returns -1 on temporary
failure, not a boolean.

Test: TreeHugger
Change-Id: If8cb4a440e909c4ed7cbfdd34454670b0d5ee045
Exempt-From-Owner-Approval: Janitorial fix
2020-06-19 18:27:11 +00:00
David Zeuthen
673c6ced22 credstore: Never pass an empty challenge.
Bug: 156911917
Bug: 158107945
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts

Change-Id: Ia274fcbaabb0c0ec7c884070eb30737dc236c064
2020-06-03 17:26:27 -04:00
David Zeuthen
59102f388f keystore: Pass verification token to credstore along with requested auth token.
This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.

Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.

Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241
2020-05-08 11:30:49 -04:00
David Zeuthen
e2a78a48c0 credstore: Pass additional information to Identity Credential HAL.
Without this extra information passed upfront it's not practical to
implement a HAL which incrementally builds up cryptographically
authenticated data.

This information is conveyed by using two new methods on version 2 of
the Identity Credential HAL. If these methods are not implemented (if
a version 1 HAL is running) the invocation fails and we handle this
gracefully by just ignoring the error.

Bug: 154631410
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts

Change-Id: I17d516e41e800f58daa4c11dcca0305c80740d5b
2020-04-29 09:52:51 -04:00
David Zeuthen
55975ecbcf credstore: signingKeyBlob was moved from finishRetrieval() to startRetrieval().
The implementation of the Identity Credential TA in constrained
environments may need to incrementally update the HMAC-SHA256 of
DeviceAuthencation CBOR to avoid keeping the entire CBOR structure in
memory. To do this they need to calculate the derived key before
starting to build the CBOR so they need access to the signingKey
earlier on. Update credstore to pass the signingKey earlier.

Bug: 150390415
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Change-Id: If2479a10f80fba748591c30aa7b8662e1063787e
2020-02-27 14:32:55 -05:00
David Zeuthen
a6f9fba382 Port credstore to IdentityCredential AIDL.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I338b35f57f2bb7345c3f8f0c608c7a6213a0dc6b
2020-02-14 13:41:52 -05:00
Treehugger Robot
fc1fc88195 Merge "Factor keystore_attestation_id into library and also use this in credstore." 2020-02-04 21:31:31 +00:00
David Zeuthen
f2a28671b0 Factor keystore_attestation_id into library and also use this in credstore.
This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137
2020-01-31 16:23:30 -05:00
Treehugger Robot
61e8fb9442 Merge "identity/Util: Fix file write check" 2020-01-27 18:01:34 +00:00
Greg Kaiser
c8966aa0da identity/Util: Fix file write check
The results of TEMP_FAILURE_RETRY can be negative in an error
case.  But we were assigning it to an unsigned size_t, and
thus our check to see if it was negative would always be false.

We switch to storing this result in a signed ssize_t, so we'll
properly handle a negative return value.  As long as we're
never writing more than 2GB (ssize_t max on a 32-bit system),
this shouldn't be a problem.

Test: TreeHugger
Change-Id: I3d417fab7c3ee7557221f9757567379d1b8cb6da
2020-01-21 07:09:51 -08:00
David Zeuthen
13de6a9fe4 credstore: update credstore.rc to use correct class, user, and group.
Bug: 111446262
Test: Manually inspected
Change-Id: If99f55fcd6034e059d8d7100a94ec59fb6c66a72
2020-01-17 16:52:01 -05:00
David Zeuthen
ab3e565511 Add credstore system daemon.
The credstore system daemon is sitting below the Identity Credential
Framework APIs and on top of the Identity Credential HALs. Its main
job is to store credential data and provide a way for applications to
communicate with the secure hardware abstracted by the HAL.

This daemon runs as an unprivileged user, credstore.

The auth-tokens needed by credstore are supplied by keystore and this
CL includes the requisite changes to keystore for this to work.

Bug: 111446262
Test: CTS tests for Framework APIs
Change-Id: Ieb4d59852a143482436a1c418c25ed96e25c0047
2020-01-16 13:05:48 -05:00