This reverts commit 7fd8e853e9.
Test: still see keystore process running
Bug: 112038744
Bug: 150267620
Change-Id: I4fe3c6aeecf960377671d11be0a4dc9fa60dfb18
If there were no secure keymasters on a device, but software keymasters
offered, then keystore would shuffle the software keymaster to the
TRUSTED_ENVIRONMENT securityLevel keymaster slot and generate a software
fallback keymaster. This change lets the software keymaster slot occupy
both the default and software slot. A fallback keymaster implementation
should only be invoked if there actually is no other keymaster
implementation.
Bug: 148773266
Test: atest KeyChainTests:com.android.keychain.tests.BasicKeyChainServiceTest#testAttestKeySucceedsOnGeneratedKey -- --abi x86
Change-Id: Ia845b6d8be85dcd6dfd3aecbb1dbda972e9cfff2
This is the first part of the update, adjusting keystore to use the
KM4.1 interface, but not call any of the new methods. That will come
in a subsequent CL.
Test: CtsKeystoreTestCases
Change-Id: Ib7486aad46c144471a1607eec31b8df1059a511d
Merged-In: Ib7486aad46c144471a1607eec31b8df1059a511d
This was needed because credstore needs to generate and pass the
generated AttestationApplicationId to the Identity Credential HAL.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: Id22b85ca083e23c7e1fbd3459910fba37a5db137
Cancelling an APC request from the app side must lead to a callback to
unblock the caller.
Bug: 138655142
Bug: 148411844
Test: atest confirmationui_invocation_test
Change-Id: If71ffc7d3d75dde6f0217ccdb003569149947ec8
Increment the rate limiting counter when the application sends an abort
message.
Bug: 138655142
Test: Ran keystore_unit_tests and manually checked behavior of
keystore application with confimrationui.
Merged-In: I5f3af166391a32748a26f7709d30a5ac718499c0
Change-Id: I5f3af166391a32748a26f7709d30a5ac718499c0
Increment the rate limiting counter when the application sends an abort
message.
Bug: 138655142
Test: Ran keystore_unit_tests and manually checked behavior of
keystore application with confimrationui.
Change-Id: I5f3af166391a32748a26f7709d30a5ac718499c0
Without this permission check any app can toggle the locked state of
keymaster once it has been unlocked for the first time.
Bug: 144285084
Test: Manually tested with debugger that the requred code paths are
run.
Change-Id: Idb8a200dc2963e1085e9fddd0c565c5172465e65
This is the first part of the update, adjusting keystore to use the
KM4.1 interface, but not call any of the new methods. That will come
in a subsequent CL.
Test: CtsKeystoreTestCases
Change-Id: Ib7486aad46c144471a1607eec31b8df1059a511d
The credstore system daemon is sitting below the Identity Credential
Framework APIs and on top of the Identity Credential HALs. Its main
job is to store credential data and provide a way for applications to
communicate with the secure hardware abstracted by the HAL.
This daemon runs as an unprivileged user, credstore.
The auth-tokens needed by credstore are supplied by keystore and this
CL includes the requisite changes to keystore for this to work.
Bug: 111446262
Test: CTS tests for Framework APIs
Change-Id: Ieb4d59852a143482436a1c418c25ed96e25c0047
This patch makes keymaster worker threads linger for 30s in anticipation
of more incomming requests.
Change-Id: I76069c74d7f013482a777dfcf279d55aeb8e1c00
This reverts commit 286c4b0532.
Reason for revert: Wifi services no longer plan to be a separate
APK/process for mainline. Will instead become a jar loaded from Apex.
Bug: 144722612
Change-Id: Ie6c8265f36cd358a87e88e293158df01d262d8cc
Test: Device boots up & connects to wifi networks
This reverts commit ef4f067c03.
Reason for revert: The underlying system support required to properly fix this bug has been implemented. This patch-over is no longer necessary. Patches listed in b/25646100
Test: atest keystore_unit_tests
Change-Id: I8e3e78f1440a81e60ab4986c5bb07df205a60062
Keystore's security originally derived from encrypting keys with a key
derived from the user's password. To avoid making keystore into a
password brute force oracle, keystore cleared itself after five
incorrect presentations. All of this has been superseded by moving
keystore's security into Keymaster, and by moving password security
into Gatekeeper/Weaver, and further by implmenting the synthetic
password model.
This CL removes the now-useless and occasionally-dangerous keystore
self-destruct.
Test: Manual
Change-Id: Id85c1c39769701bbc0dcfcb76511faf9eeb65496
reset is being deprecated. There is no real use case for it anymore. It
was exposed in binder, but that has been fixed. This commit removes any
portions of reset that were associated with handling the binder call.
Bug: 143309987
Test: android builds
Change-Id: Ie9dd53b66244dd47e31a37763152a0db14eca5ed
go/cleanup-greylist-txt
These have already been greylisted, however due to bugs/omissions in the tooling have been kept in go/greylist-txt instead of being annotated in the code.
Bug: 137350495
Test: m
Change-Id: If694cc885291c0c0cf14d8b880fc7ac4948dbe1b
ag/5984229 that added support for AES-256 master keys inadvertently
caused them not to be encyrpted by the user's password. This is less
damaging to security than it might appear because these keys are also
encrypted by Keymaster, in the TEE or StrongBox.
Bug: 141955555
Test: Manually verify password is encryption on a userdebug build.
Change-Id: Ic5e82546df67346e4c348273cf4fe2bac382c9dc
(cherry picked from commit b951bc5317)
The wifi stack will be running inside the network_stack process for
devices which will accept wifi mainline module in R. So, add a effective
uid entry to allow calls from wifi stack inside network_stack to use
keystore blobs stored by wifi uid.
Bug: 142298627
Test: Compiles, will verify failing tests.
Change-Id: Iff19bcad134a3531934215ea4b7d975433da787d
The operation device map needs to be cleand up on finish regardless of
whether the operations succeeds of fails. The operation lifecycle ends
in any case.
Bug: 141317862
Test: Generate key and perform repeated operations.
Watch memory consumptoin not raise with using:
adb shell dumpsys meminfo keystore
Change-Id: I3a25aa67f121832640848a38398c523e20a2c6df
A bug introduced in a patch intended to upgrade keystore master keys
to use AES-256 and SHA-256 instead of AES-128 and SHA1 causes the
newly-updated master key to fail to be retrievable ever again. Making
this worse, after five successive failures, keystore decided that all
the data is bad and wipes the user's keystore. This problem happens
on every password change if the master key is 128 bits. Luckily,
since the introduction of synthetic passwords to support escrow
tokens, the password presented to keystore is the synthetic password,
which never changes. So this problem only crops up in devices that
did not have synthetic passwords (launched with Android N or earlier),
were not upgraded to O DR1 (when synthetic passwords were enabled by
default), were never factory reset or had their password removed and
re-added during all of that time and were then upgraded to P or Q,
when the master key upgrade code was present.
This CL fixes the upgrade process so that updated master keys can be
used. It doesn't change the key size, the keys stay 128 bits, but now
they're readable and usable. Factory resetting allows an entirely
new master key to be generated, which will be AES-256.
Note that the keystore master key is not really essential to the
security of Keystore keys. They're also encrypted by the secure
world (TEE or SE), which is their primary protection. The master key
just provides a cryptographic dependency on the user's password, so
that in the event of a secure world break the attacker still has to
brute force the user's password to recover the key material, or use of
the protected keys.
Bug: 129970023
Test: Manual
Change-Id: I8ce2bb2359cf822039c137bb6bb1fc225da47c29
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.
Bug: 141248879
Test: m checkbuild
Change-Id: I4e0e287fab5d8968359dd98ad84b0a0713d93b41
