This patches changes the keystore to use the asychronous api model for
begin, update, finish, and abort.
Also removes unused class KeystoreArguments (aidl and implementation).
Test: Keystore CTS tests
Bug: 111443219
Change-Id: Icc6def9ff6dbe32193272d7d015079a006ebc430
This commit replaces <cutils/log.h> and <utils/Log.h> with <log/log.h>.
Background:
<cutils/log.h> has been moved to <log/log.h> for a while. Both
<cutils/log.h> and <utils/Log.h> simply includes <log/log.h> for
backward compatibility. This commit is a part of the effort to remove
<cutils/log.h> and <utils/Log.h> from the source tree eventually.
Bug: 78370064
Test: lunch aosp_walleye-userdebug && cd system/security && mma
Change-Id: I798f06d78e2cc5cd197727c0bcdd05c87d769a90
Fixes for issues found in wifi integration tests:
1. ensure_keystore_engine() needs to be invoked before we access
|g_keystore_backend|.
2. The HIDL backends need to return 0 when the operation succeeds.
Bug: 34603782
Test: Manual tests.
Change-Id: If61d3bef27dab6f4fb73113f0ed6d3e784a29f32
This CL adds variants of the public key retrieval and signing
routine which use the WiFi Keystore HIDL for the backend.
The Android.mk has been modified to build a second variant of
the library to expose this HIDL backend. While here, add
guards to all headers.
Bug: 34603782
Test: Able to connect to wifi passpoint networks.
Change-Id: I444ef383e4d3fdabc10c3e44c1bae9747613c8cf
Create a pure virtual class "KeystoreBackend" which supplies the
crypto methods used by android_engine. Create a KestoreBackendBinder
class which implements the binder backend as a no-op change that
will allow future backends to be added.
Bug: 34603782
Test: Compiles
Change-Id: I16620aba569bd53290145b2b30242c4888106d0a
This patch ports keystore to the HIDL based binderized keymaster HAL.
Keystore has no more dependencies on legacy keymaster headers, and
therefore data structures, constant declarations, or enums. All
keymaster related data structures and enums used by keystore are the
once defined by the HIDL based keymaster HAL definition. In the process
of porting, keystore underwent some changes:
* Keystore got a new implementation of AuthorizationSet that is fully
based on the new HIDL data structures. Key parameters are now either
organised as AuthorizationSets or hidl_vec<KeyParameter>. (Formerly,
this was a mixture of keymaster's AuthorizationSet,
std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.) The
former is used for memory management and provides algorithms for
assembling, joining, and subtracting sets of parameters. The latter
is used as wire format for the HAL IPC; it can wrap the memory owned
by an AuthorizationSet for this purpose. The AuthorizationSet is
accompanied by a new implementation of type safe functions for
creating and accessing tagged key parameters,
Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service
response codes. Keystore has two sets of error codes. ErrorCode
errors are less than 0 and use 0 as success value. ResponseCode
errors are greater than zero and use 1 as success value. This patch
changes ResponseCode to be an enum class so that is no longer
assignable to int without a cast. The new return type can only be
initialized by ResponseCode or ErrorCode and when accessed as int32_t,
which happens on serialization when the response is send to a client,
the success values are coalesced onto 1 as expected by the
clients. KSSreturnCode is also comparable to ResponseCode and
ErrorCode, and the predicate isOk() returns true if it was initialized
with either ErrorCode::OK (0) or ReponseCode::NO_ERROR (1).
* A bug was fixed, that caused the keystore verify function to return
success, regardless of the input, internal errors, or lack of
permissions.
* The marshalling code in IKeystoreService.cpp was rewritten. For data
structures that are known to keymaster, the client facing side of
keystore uses HIDL based data structures as (target) source
for (un)marshaling to avoid further conversion. hidl_vecs are used to
wrap parcel memory without copying and taking ownership where
possible.
* Explicit use of malloc is reduced (malloc was required by the C nature
of the old HAL). The new implementations avoid explicit use of
malloc/new and waive the use of pointers for return values. Instead,
functions return by value objects that take ownership of secondary
memory allocations where required.
Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts
Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
RSA_FLAG_EXT_PKEY, despite the name, is only about calling the RSA_METHOD's
mod_exp hook while reusing the rest of the RSA_private_transform logic. This
code doesn't provide mod_exp and instead overrides private_transform, so the
flag is a no-op.
The BORINGSSL_201509 define was used to make updating BoringSSL in
external/boringssl less painful. It allowed code to compile with either
the old BoringSSL (which didn't define BORINGSSL_201509) or with the new
(which does).
Now that the new version has landed, this change removes that support.
Change-Id: I19e661419f830459d015bf14e7905af2ec41b735
This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.
Change-Id: I3d09b5644661353723803bcbda937d34455849a5
This change allows system/security to build with the latest BoringSSL.
1) RSA methods have gained a function pointer, |supports_digest|, which
allows methods to indicate that they only support certain hash
functions via the high-level interface.
2) EC_GROUP_set_point_conversion_form has been removed (it was
previously a no-op).
Change-Id: I590094d8904f418cfd6baf064ac9799525fbc09e
This change adds a new ENGINE implementation for BoringSSL. It's a no-op
until external/openssl is switched to BoringSSL.
BoringSSL's ENGINEs are very different from OpenSSL's (and very much
smaller). Thus this change adds replacement code that is conditionally
compiled when BoringSSL is used.
Rather than building a .so that is put in a special directory and loaded
by OpenSSL dymanically, the code becomes a normal library that exports a
single function: EVP_PKEY_from_keystore. All the |ENGINE_load| etc
functions that callers previously needed become moot with BoringSSL.
Bug: 17409664
Change-Id: I8b5ba255f86ec5d0f28994358dc0f0b516f0af40
