| Commit message (Collapse) | Author | Age | Files | Lines |
| |
RecoveryService.rebootRecoveryWithCommand()
Adds deleteSecrets() to RecoverySystemService. This method is called
from rebootRecoveryWithCommand() before the --wipe_data command is
passed to recovery and the device is force-rebooted.
deleteSecrets() calls IKeystoreMaintenance.deleteAllKeys() in order to
quickly destroy the keys protecting the synthetic password blobs
used to derive FBE encryption keys.
The intent is to make FBE-encrypted data unrecoverable even if the full
data wipe in recovery is interrupted or skipped.
Bug: 324321147
Test: Manual - System -> Reset options -> Erase all data.
Test: Hold VolDown key to interrupt reboot and stop at bootloader
screen.
Test: fastboot oem bcd wipe command && fastboot oem bcd wipe recovery
Test: fastboot reboot
Test: Device reboots into recovery and prompts to factory reset:
Test: 'Cannot load Android system. Your data may be corrupt. ...'
(cherry picked from https://android-review.googlesource.com/q/commit:0d00031851e9f5d8ef93947205a7e8b5257f0d8d)
Ignore-AOSP-First: Security fix backport
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dfbaa7295390de97ae2e8b154cc9be5512108ac4)
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:d020a38e4148a642e2f06363e27cce60097efa5d)
Merged-In: I5eb8e97f3ae1a18d5e7e7c2c7eca048ebff3440a
Change-Id: I5eb8e97f3ae1a18d5e7e7c2c7eca048ebff3440a
|
- A minimal implementation to pass CTS and Play Integrity while
loading correct ARCore profiles if existing
- Loosely inspired by PixelPropUtils from
https://github.com/PixelExperience/frameworks_base/blob/twelve/core/java/com/android/internal/util/custom/PixelPropsUtils.java
- Thanks Danny for original idea at
https://github.com/ProtonAOSP/android_frameworks_base/blob/sc-qpr3/core/java/com/android/internal/gmscompat/AttestationHooks.java
- Thanks Dyneteve for fixing Play Integrity API at
https://github.com/hentaiOS/platform_frameworks_base/commit/c9a086f9b635bf4e3e61fbd501ade464f8f5b713
Change-Id: I6937258c8297aa909fcdb3b40195cbd6dc0f869b
Co-authored-by: Chris Crawford <chriscrawford893@gmail.com>
Co-authored-by: jhenrique09 <jhenrique09.mcz@hotmail.com>
Co-authored-by: Danny Lin <danny@kdrag0n.dev>
Co-authored-by: Adithya R <gh0strider.2k18.reborn@gmail.com>
Signed-off-by: Omkar Chandorkar <gotenksIN@aospa.co>
|
Previously, the key pair generation would error out even if we
successfully provisioned attestation keys. Instead, we should retry
key generation after the GenerateRkpKeyService reports an OK status.
Bug: 231495834
Test: RemoteProvisionerUnitTests
Change-Id: I049294cbc7119de55b5de02499bf4609d4c6de5d
|
Implement support for the X25519 key agreement functionality.
Similar to Ed25519, two new classes are added:
* AndroidKeyStoreXDHPrivateKey
* AndroidKeyStoreXDHPublicKey
The private key class is simply a handle to the KeyMint key.
The public key class implements XECPublicKey, the interface
needed for using this key in a platform-backed key agreement.
Because of Conscrypt API boundaries, the functionality of Conscrypt's
OpenSSLX25519PublicKey is duplicated here - namely, matching the
prefix of the encoded key.
Bug: 194359292
Test: atest android.keystore.cts.Curve25519Test
Change-Id: Ifc12be528ab544fd6909bb0dd6224a0a4dd400c6
|
Wire Ed25519 signing into Keystore. This consists of registering a
provider for Ed25519.
Ed25519 has its own digest scheme, so the caller should specify "none"
as the digest scheme, and that's the tag that's going to be passed into
KeyMint.
However, unlike other uses of the "NONE" digest scheme, the input to the
signature algorithm should not be truncated.
Bug: 194359292
Test: atest android.keystore.cts.Curve25519Test
Change-Id: Icce4f7f2f8fa10081a9c6beff4813c2d91756469
|
Implement support for Ed25519 signing keys in Android Keystore.
Because Conscrypt does not yet handle those keys, the Keystore classes
implement EdECPublicKey directly and parse the keys.
Specifically, AndroidKeyStoreEdECPublicKey can take an encoded X.509 key
specification, validate the encoding is of an Ed25519 key, then parse
the oddity and Y point on the curve.
RFC8032 describes EdDSA signature scheme, particularly Ed25519.
RFC8410, Section 3, defines the OID for Ed25519 keys (1.3.101.112).
RFC8410, Section 4, describes the encoding of the public key.
Bug: 195309719
Bug: 194359292
Bug: 214203951
Test: atest android.security.keystore2.AndroidKeyStoreEdECPublicKeyTest
Change-Id: I07b793cbd5029630768368ad4a863bbc1c828ced
|
c6030f0765
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2048789
Change-Id: Ib86d332d64f0fae0d83d52a6e55d9dfc25c4f06b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
This change adds some integers to the AIDL interface in order to convey
status back to the caller of generateKey(). This will inform the caller
as to whether or not the errors that may occur during provisioning are
permanent, and if not, what to do with the transient error.
Bug: 227306369
Test: RemoteProvisionerUnitTests
Change-Id: I9202358a102b0fb0a104525632a005acb7355840
|
f6354a20d5 am: 9025d607a0
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2060058
Change-Id: Id9255df063a48ea3006b9cada59cc5d9543f17ea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
Bug: 187537410
Test: None, comment change only
Change-Id: If6085fa6f46a54df0700e2599f4f98e42f33a164
|
On systems that rely solely on remotely-provisioned keys (RKP),
the attestation keys may run out or be unavailable for attesting
a newly-generated key. This could happen when:
* the device first connects to the Internet
* The device had all the keys used and:
** It hadn't yet completed obtaining new ones.
** The RKP server declines to issue new keys.
In these cases, the caller must be informed that their key generation
request failed (likely temporarily), and that they should retry it.
The retry policy returned tells the caller when to re-try.
Bug: 227306369
Test: atest android.keystore.cts.KeyStoreExceptionTest
Merged-In: Ief30a3ab97da95b68d172e725c38acbefab92fa9
Change-Id: I0b2619fcbcb3ac4d94ed85f3ce5934e015c0828c
|
On systems that rely solely on remotely-provisioned keys (RKP),
the attestation keys may run out or be unavailable for attesting
a newly-generated key. This could happen when:
* the device first connects to the Internet
* The device had all the keys used and:
** It hadn't yet completed obtaining new ones.
** The RKP server declines to issue new keys.
In these cases, the caller must be informed that their key generation
request failed (likely temporarily), and that they should retry it.
The retry policy returned tells the caller when to re-try.
Bug: 227306369
Test: atest android.keystore.cts.KeyStoreExceptionTest
Change-Id: Ief30a3ab97da95b68d172e725c38acbefab92fa9
|
b8ebf69571 am: 2e64dda571 am: 289609bdb3
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2017095
Change-Id: Iddeb472553b4713fc51613effa6e565188119bf8
|
This reverts commit bb5c49e5108262f42dceb61620c6c530dd529579.
Reason for revert: functionality removed
Change-Id: Ib04a1690b8892af53ca6449e3a38e10490baf9da
|
bab26cc607 am: 050d61f1b3 am: 8249f4a893
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2015496
Change-Id: I666cce14a67b605c9cc64991ee07755b4d85173a
|
Ensure that the user gets an accurate error message when they try to
generate Curve 25519 keys according to JEP 324
(https://openjdk.java.net/jeps/324).
Android Keystore requires every key to have a name, so it is not
possible to generate a key using NamedParameterSpec only (with a
KeyPairGenerator).
Support this and throw an exception to the caller indicating how they
_can_ generate keys with this curve.
Bug: 222440855
Bug: 195309719
Bug: 194359292
Test: atest android.keystore.cts.KeyFactoryTest android.keystore.cts.Curve25519Test
Test: atest CtsLibcoreTestCases:libcore.java.security.ProviderTest
Change-Id: I5aa163f177507906c6482d079eb6cb55d93accf7
|
Do not register Curve 25519 algorithms as key factories, until we fix
the registration to be in compliance with JEP 324.
Bug: 222440855
Bug: 222194540
Test: atest android.keystore.cts.Curve25519Test android.keystore.cts.KeyFactoryTest#testAlgorithmList CtsLibcoreTestCases:libcore.java.security.ProviderTest#test_Provider_getServices
Merged-In: Ibd53070a890955affaff5e4e7213892afd423db7
Change-Id: I11b3574aeff54b3eb8bf496c4c14aa1338629ce5
|
Do not register Curve 25519 algorithms as key factories, until we fix
the registration to be in compliance with JEP 324.
Bug: 222440855
Bug: 222194540
Test: atest android.keystore.cts.Curve25519Test android.keystore.cts.KeyFactoryTest#testAlgorithmList CtsLibcoreTestCases:libcore.java.security.ProviderTest#test_Provider_getServices
Change-Id: Ibd53070a890955affaff5e4e7213892afd423db7
|
7b17653639 am: cb479e0827
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1984970
Change-Id: Ib9fc34d05614192e4762b9e7934738e074728fca
|
Add support for Curve 25519 in the public API.
This requires upgrading the keymint dependency to V2.
Note that this CL only passes the tags to Keystore,
but does not yet let the caller use the generated keys
because of missing Conscrypt classes.
Bug: 194359292
Test: atest android.keystore.cts.Curve25519Test
Change-Id: I15223abec34b72c857e26fcc47d8ecf08c1f8c8d
|
Context.unbindService() should always be called even if the
previous bindService() call returns false. Otherwise the service
might be left dangling.
Bug: 211582968
Test: None
Change-Id: Ic1705096254afa12993d8992303432896bfecd57
|
b3612e019f am: e53fd593b5 am: a2b165989b
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1969819
Change-Id: I0f3d9721af9aa47bf7f7ae6a419d79ec3547210b
|
Surface the service-specific error message. To avoid API changes, the
error message is surfaced in the toString / getMessage methods.
Test: atest android.security.keystore.KeyStoreExceptionTest
Bug: 217593122
Change-Id: Id4090564b46db9b3b10ea390390f6683f7314463
|
Report KeyStore/KeyMint error messages via public API.
This lets developers find out:
* Whether an error is transient or not.
* Whether a failure is due to a system error
(system configuration/state/capabilities), or a key-related error.
* Whether user authentication is required to use the key.
Test: atest CtsKeystorePerformanceTestCases CtsKeystoreTestCases
Bug: 197890905
Merged-In: I776d9e9cc01a9dc3542a63000ee0709847760963
Change-Id: Ica0c93fdd4b89255ee0a03a9b9b948202777d4d4
|
- Add a new boolean attribute `inheritKeyStoreKeys` to allow apps to
indicate whether they want keys to be transferred to the updated app
- Call the appropriate KeyStore method to migrate keys from the old
namespace to the new one
- Clear keys owned by the previous app ID if it is removed
Test: atest SharedUserMigrationTest#testKeyMigration
Test: atest AndroidPackageTest
Bug: 179284822
Change-Id: I321b85b88c150f17709a2270c0cbaf368ca035cc
|
be201a0ed5 am: 7d7010dcf8 am: 253c91192f
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1950401
Change-Id: I8b3f892d829decc104ef2a732af5fbbfa3e08fa8
|
Update the Java framework accordingly with the underlying keystore2
changes for key migration.
Test: atest SharedUserMigrationTest#testDataMigration (in internal)
Bug: 211665859
Change-Id: I26c817dffdf2e50a43373114a63242644ee7e712
|
33e0b830dc am: a665f6bd93
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1905490
Change-Id: I5965b31cb15b2cf30596939d4c5cb70e51b332b9
|
Change-Id: Iedf0f7f85fecbc2ee274a108887c77add62dcb31
|
Report KeyStore/KeyMint error messages via public API.
This lets developers find out:
* Whether an error is transient or not.
* Whether a failure is due to a system error
(system configuration/state/capabilities), or a key-related error.
* Whether user authentication is required to use the key.
Test: atest CtsKeystorePerformanceTestCases CtsKeystoreTestCases
Bug: 197890905
Change-Id: I776d9e9cc01a9dc3542a63000ee0709847760963
|
The default value for canUnlockViaBiometrics, which determines if we
are able to show a bio prompt, is true. However, if there are 0
biometric authenticator IDs, then it's impossible for the user to
satisfy a bio prompt. In this case, we should set canUnlockViaBiometrics
to false.
The loop that is normally expected to invert canUnlockViaBiometrics was
never run in the case of 0 bio authenticator ids, so we mistakenly
let the crypto init operation succeed when we should have blocked it.
Bug: 188864794
Test: Manual, using sample app that displays a biometric prompt.
Change-Id: Ib95b0564aa098157718b8d4a45b11baa69dad71b
|
* changes:
Test for contract between AndroidKeyStoreKey hash and equals.
Keystore 2.0 SPI: Fix contract between equals and hashCode 2
|
Test: atest KeystoreTests
Bug: 196118021
Merged-In: Ic6e60752faa986debe3d325f54242cffaa03b336
Change-Id: Ic6e60752faa986debe3d325f54242cffaa03b336
|
This fixes the contract between equals and hashCode in
AndroidKeystorePublicKey. The previous fix made only a reference
comparison between certificate blobs. In this patch java.util.Arrays is
used to compare and compute the hash of the array.
Bug: 196118021
Test: See following CL.
Change-Id: I2b8b7e740fb377de39fd21f763e15cb00024b2fc
|
Fix a NullPointerException when trying to insert SecretKey that already
exists.
Bug: 202146009
Test: atest android.keystore.cts.AndroidKeyStoreTest#testKeyStore_SetKeyEntry_ReplacedWithSameGeneratedSecretKey
Change-Id: If3a4bd6677ab3173c5c1a7c921ba567b7981662b
|
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1802873
Change-Id: I20bb1006d93233dfe7dd73c12a0eaadee229e3d5
|
The code was doing a reference compare, not object value comparison,
resulting in failures in the KeyStore setEntry API.
Test: CtsKeystoreTestCases:android.keystore.cts.AndroidKeyStoreTest
Fixes: 197138784
Change-Id: I2c5e47283eed5694951869e9ea3853364ddef9d1
|
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1797475
Change-Id: Id20947de8b039d4a468127a446266c30fbbd1659
|
Callbacks on ServiceConnection happen on the main UI thread for an
application. Since the thread that calls bindService then immediately
blocks to wait for the service to be connected, this will cause a
deadlock if key operations are happening on the main UI thread.
This bug has likely not been detected yet since key operations are not
supposed to be performed on the main UI thread, however it was uncovered
in a similar application during other testing. This fix ensures the
ServiceConnection object's callbacks will be triggered from a separate
thread from the calling thread.
Bug: 196571032
Test: Apps that run key operations on the UI thread don't hang.
Change-Id: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
Merged-In: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
|
Merged-In: I661f5fb6b1f3f6ce4322fab8fa84a7ab364c65b1
Change-Id: I16482b494ff4821016aabbb646e495d616c630ac
|
am: 214d129500
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/15225383
Change-Id: I8a65bc5a7724830ecb5a0df28c35c4f1fa806a0d
|
The KeyMint spec requires the specification of the EC_CURVE tag when
generating an EC key. This patch adds the correct curve tag parameter to
the parameter list.
Test: CtsVerifier Protected confirmation test.
Bug: 192908276
Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
|
7fc084200f
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1736160
Change-Id: I274163d45ee758a5a520c78dd82d0babba9a7d1d
|
Renaming the vpnstore interface to legacykeystore.
Bug: 191373871
Test: TBD
Change-Id: Icd304ef621f0de52d6ebc415a0628d63f827fbcd
|
support Signature object
Bug: 191661889
Test: m droid
Merged-In: Ie65dcfe96f3bb00cc9af4d49e4e1d1f57bde438a
Change-Id: Ie65dcfe96f3bb00cc9af4d49e4e1d1f57bde438a
(cherry picked from commit 507a653a6e35fd3bf5b9a5927e4c17307593bcae)
|
This reverts commit d05498b9d8d30ca69eaafe920c5915ee472058eb.
Reason for revert: Bugged on non-RKP systems.
Bug: 190222116
Change-Id: Ie7d17d4251c381c1bae6a76cd9b0246c551f8042
|