Some mutexes on the add_auth_token path were more dependent on one
another than necessary. This could lead to a chain where add_auth_token
would block on waiting for a time stamp token, which in turn could stall
the execution for seconds.
Also fix some comments.
Bug: 183676395
Test: N/A
Change-Id: I5c6ae1e47fe232ea9954497108f807bbcd37fef7

This binary gets added to the system image under
/bin/rkp_factory_extraction_tool. The purpose of this tool is to query
every IRemotelyProvisionedComponent interface in the device manifest and
print out a CertificateRequest to stdout for each interface.
The CertificateRequest will contain no keys to sign and a semantically
useless challenge, since this tool is just for key upload. The items of
value will be the DeviceInfo CBOR blob which will get associated with
the encrypted device public key once it is uploaded to the backing
servers and decrypted.
The tool will fail if it is unable to successfully query an
IRemotelyProvisionedComponent interface that is specified in the device
manifest file.
Test: Build and run
Change-Id: Ia82787749be5963567019f6523075100208aa101

There are several errors printed in keystore2 startup due to above
NOT_FOUND errors.
Test: check keystore2 startup logs.
Change-Id: Icdf553b141cda09f371f7eb83b273444130fe3e7

This CL creates a new instance of async_task just to handle log
creation asynchronously due to two reasons:
1. Keystore2 starts much earlier than statsd and waits for it.
2. We want to take calling statsd API out of the critical path.
Bug: 185831595
Test: statsd_testdrive script
Change-Id: I79494edda1b195b0120e26d38ccc3e120977166b

Since no authentication is used for this key (only the
MaxUserPerBoot tag) the NoAuthRequired tag must be present.
Some buggy KM implementations don't require this.
Bug: 176450483
Test: keystore2_test
Test: boot Crosshatch device and check logs
Change-Id: Id12c0752938d746a9f6fbedbeb42fefd6049c20c

Add pull atoms for getting information about current state of keystore2
storage.
Bug: 172013262
Test: atest system/keystore/keystore2
Test: statsd_testdrive 10103
Change-Id: I0ee115d9bc65d17e6533c4520a1b65067cd2260c

Previously, PropertyWatcher would only wait for changes to a property,
however, if a property had not yet been created then PropertyWatcher
would fail. With this change, PropertyWatcher::wait will wait for
properties to be created as well as changed.
Bug: 172013262
Test: atest system/keystore/keystore2
Test: statsd_testdrive 10103
Change-Id: Ic2759581459759738c11e0c452c1457a4a95feea

While Keystore itself enforces that these keys can only be created/used
during a certain boot level, we need to verify ourselves that the key
actually *has* the correct boot level.
Bug: 167516462
Test: atest
Change-Id: I096d63323e0faf7a97ec5f571d2fdcee75d47c6e

Some keymint/keymaster devices return an error if Tag::PURPOSE is
present in the key parameters passed to the keymint/keymaster device's
begin() method. So we remove that Tag from the KeyParameters. The
Tag::PURPOSE is communicated to begin() as a separate argument anyway,
so the begin() method still has all the information it needs.
Bug: 184861759
Test: Cuttlefish and Bramble boot
Change-Id: Ifb08565ea29b9d148879533164266ccd113618c9

When listing the keys for a user, an empty list should be returned
instead of a system error if the user did not exist in the legacy
database.
Test: atest keystore2_test
Change-Id: Ic9d4822dfe002adf2728b7f84e3e122a5bd1db24

Set the busy handler to None, because it is unlikely that a transaction
lock can be successfully taken while busy waiting in the sqlite library.
Also add a vpn database stress test.
Bug: 184006658
Test: atest vpnprofilestore_test
Change-Id: Ia18d5e86683cde908444f6257949497fdd2872e4

Revert submission revert-1660531-max-boot-level-crypto-KFMCEDKSIV
Reason for revert: topic:vold-use-keystore2 has landed fixing the bug
Reverted changes:
Ibf63734a: Revert "Set earlyBootEnded before apex starts"
Id02f63a7: Revert "Expose AID_KEYSTORE"
Ibcedeff4: Revert "Cryptographic security for MAX_BOOT_LEVEL"
Restored changes:
Ia3b968afc: Set earlyBootEnded before apex starts
Ia69891291: Expose AID_KEYSTORE
I12530cd13: Cryptographic security for MAX_BOOT_LEVEL
Reverted-SHA1: 229f2c038c
Original commit message:
Use a KDF to generate a key for each boot level, anchored in a key
which can only be used once per boot.
Bug: 176450483
Test: atest com.android.tests.odsign.OnDeviceSigningHostTest#verifyArtUpgradeSignsFiles
Change-Id: I62609052647316c5c381e1df12963996aba97f23

With the upgrade to 1.51.0 there are a bunch of new clippy
errors. Disable these on a per-file basis until they can be
addressed by the keystore owners.
Test: TH
Bug: 184833962
Change-Id: Idd96447370d6ff31032bbaecddbce0a035821f41

The calling code handles missing public keys, but the implementation did
not handle missing certificates, so this would trigger a program crash.
Test: Run with cuttlefish keymint implementation
Bug: 182928606
Change-Id: Ie80373d0a3eca2b39e963c175feafd20698f499b

This updates the APC code to use &Strong<dyn IConfirmationCallback>
instead of &dyn IConfirmationCallback for AIDL interfaces.
Bug: 182890877
Test: m
Change-Id: Ia841cf22daa1ef2f497fcc9bd0bbfa649100f86e

This patch implements unique id rotation on factory reset. It is assumed
that the timestamp file disappears on factory reset so the timestamp
file's creation time gives a lower bound on the time since the last
factory reset.
Bug: 184784809
Test: atest keystore2_test
Change-Id: Iaa1c74b0ccffe69d5d9c68e7c6dac98a13136437