History log of /system/security/keystore/blob.cpp
Revision Date Author Comments
d714a676de8bf2bf87ea9b7efc04bc5a743eef45 01-Sep-2017 Janis Danisevskis <jdanis@google.com> Fix use of auth-bound keys after screen lock removal

When auth-bound keys are used after the screen lock has been removed it
is expected that getKeyCharacteristics still succeeds. However, when the
super encrypt feature was introduced the key blob is no longer
accessible, and thus retrieving the key characteristics fails.

This patch retrieves the key characteristics from the characteristics
cache file, which is not super encrypted. Using such a key still fails
but in ways expected by the framework.

Bug: 65200397
Test: CtsVerifier ScreenLockBoundKeysTest:
1. Run test
2. with CtsVerifier in the background remove the screen lock
through the settings dialog
3. Select VtsVerifier in 'recents'
4. Run test again

Change-Id: Ifa88c58a41c376e4f800a76114d4cf9149506ac0
(cherry picked from commit 36316d673ef836a0a34a62ab4ccce67d22c8a0d2)
/system/security/keystore/blob.cpp
0ed642cb8b985b4c345dcc71979bc0ade22b4224 26-May-2017 Shawn Willden <swillden@google.com> Make zeroing more portable.

Bug: 35849499
Test: None required.
Change-Id: Iadee02a253b491f192c4a8b1cf3e57125ad866a6
/system/security/keystore/blob.cpp
e9830589dde19b080fbbfad5fdb1ae6e2955df68 18-Apr-2017 Shawn Willden <swillden@google.com> Use AES-GCM to encrypt keystore blobs.

Keystore currently uses AES-CBC to encrypt keystore blobs, plus an MD5
digest for authentication. This scheme is mildly broken (b/26804580),
but has not been replaced because keystore encryption was slated for
removal. In order to support cryptographic binding of keys to user
authentication on devices with trusted secure computing modules,
keystore encryption has temporarily become relevant again, until a
better solution can be constructed. Thus there's a motivation to
replace the broken scheme with a proper authenticated encryption mode.

Along the way, this CL also fixes a low-priority security vulnerability,
b/31824325.

Bug: 26804580
Bug: 31824325
Bug: 35849499
Test: Manually tested the new scheme and upgrading from the old scheme
Change-Id: I139f2a7b7a3c01eade4e2d2a674d49d027179d43
/system/security/keystore/blob.cpp
67899de5ade4bc2a6ffae54f2e66cd5d99b67029 21-Apr-2017 Rubin Xu <rubinxu@google.com> Introduce KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION

This flag is used by system server to mark keys used during the
synthetic password auth flow. Keys marked with this flag will not
be super encrypted because super encryption requires knowledge of
the synthetic password, causing a chicken-and-egg problem.

Bug: 35849499
Bug: 34600579
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testResetPasswordWithToken
Change-Id: Ibd900e3ede1f51c476d462085caaf216d911d693
/system/security/keystore/blob.cpp
484779559c15728cb4b96b7090083ee9f5a3cf95 19-Apr-2017 Rubin Xu <rubinxu@google.com> Disable super encryption for now

It's clashing with synthetic password flow due to the fact that
synthetic password flow requires an auth-bound key in keystore,
but when the key is being requested, keystore is yet to receive
the synthetic password so it can't encrypt the auth-bound key

Bug: 37474130
Bug: 35849499
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedProfileOwnerTest#testResetPasswordWithToken
Change-Id: I58b05f1464d2c85a30ce17fbf5d7eca5da114173
/system/security/keystore/blob.cpp
45c112a5664660ba303aedf89de3f7fa2a2e43be 17-Apr-2017 Shawn Willden <swillden@google.com> Decrypt super-encrypted keys

This fixes a bug introduced in ag/2108644. That CL added automatic
super-encryption of authentication-bound keys, but missed the necessary
change to decrypt them when needed.

Test: Manually tested
Change-Id: I84693b145a6d57d5957aa40d10236e1a0610d12c
/system/security/keystore/blob.cpp
d5a24e6745eb552c137cfdbb49e09e3db5701ad1 28-Feb-2017 Shawn Willden <swillden@google.com> Superencrypt authentication-bound keys.

This CL causes keystore to automatically encrypt all newly-created
keymaster key blobs which are authentication-bound. This appears on its
face to be pointless, since the sensitive key material in the key blobs
is already encrypted by the Trusted Execution Environment. It's not
pointless because this adds a cryptographic dependency on the user's
password, including any strengthening performed by
LockSettingService... which may include the use of a separate hardware
trusted module, separate from (and presumably more secure than) the TEE.

A better solution is planned for the next release, but that requires
changes to Gatekeeper and Keymaster. This superencryption will be
removed when that work is done.

Note that the encryption method used by keystore is weak. A separate CL will
replace the weak method with a proper authenticated encryption.

(cherry picked from commit 07aebe73053df12c21c7481a93146bd76add7fbd)

Test: Manual testing.
Bug: 35849499
Change-Id: I0c4910ea24b97bc8046f3d114bfb336670d03321
/system/security/keystore/blob.cpp
c7a9fa29c185a8c1889486d4acf00fd59c513870 13-Oct-2016 Janis Danisevskis <jdanis@google.com> Port to binderized keymaster HAL

This patch ports keystore to the HIDL based binderized keymaster HAL.
Keystore has no more dependencies on legacy keymaster headers, and
therefore data structures, constant declarations, or enums. All
keymaster related data structures and enums used by keystore are the
ones defined by the HIDL based keymaster HAL definition. In the process
of porting, keystore underwent some changes:

* Keystore got a new implementation of AuthorizationSet that is fully
based on the new HIDL data structures. Key parameters are now either
organised as AuthorizationSets or hidl_vec<KeyParameter>. (Formerly,
this was a mixture of keymaster's AuthorizationSet,
std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.) The
former is used for memory management and provides algorithms for
assembling, joining, and subtracting sets of parameters. The latter
is used as wire format for the HAL IPC; it can wrap the memory owned
by an AuthorizationSet for this purpose. The AuthorizationSet is
accompanied by a new implementation of type safe functions for
creating and accessing tagged key parameters,
Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service
response codes. Keystore has two sets of error codes. ErrorCode
errors are less than 0 and use 0 as success value. ResponseCode
errors are greater than zero and use 1 as success value. This patch
changes ResponseCode to be an enum class so that it is no longer
assignable to int without a cast. The new return type can only be
initialized by ResponseCode or ErrorCode and when accessed as int32_t,
which happens on serialization when the response is sent to a client,
the success values are coalesced onto 1 as expected by the
clients. KSSReturnCode is also comparable to ResponseCode and
ErrorCode, and the predicate isOk() returns true if it was initialized
with either ErrorCode::OK (0) or ResponseCode::NO_ERROR (1).
* A bug was fixed that caused the keystore verify function to return
success, regardless of the input, internal errors, or lack of
permissions.
* The marshalling code in IKeystoreService.cpp was rewritten. For data
structures that are known to keymaster, the client facing side of
keystore uses HIDL based data structures as (target) source
for (un)marshaling to avoid further conversion. hidl_vecs are used to
wrap parcel memory without copying and taking ownership where
possible.
* Explicit use of malloc is reduced (malloc was required by the C nature
of the old HAL). The new implementations avoid explicit use of
malloc/new and waive the use of pointers for return values. Instead,
functions return by value objects that take ownership of secondary
memory allocations where required.

Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts

Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
/system/security/keystore/blob.cpp
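The KSSReturnCode behaviour described in the commit above (two error domains with different success values, coalesced onto 1 at the wire, isOk() true for either success) is easy to get wrong when a function mixes a service-level permission check with a HAL result. The following is an added example that reconstructs that contract in a stand-alone C++ type; it is not keystore's own code. The enum members and their numeric values are an illustrative subset, and exampleOperation and serializeForClient are constructed helpers.

```cpp
#include <cstdint>
#include <iostream>

// Illustrative subsets of the two error domains (example code, not keystore's
// own definitions). ErrorCode: HAL errors are negative, 0 is success.
enum class ErrorCode : int32_t {
    OK = 0,
    KEY_USER_NOT_AUTHENTICATED = -26,
    INVALID_ARGUMENT = -38,
};
// ResponseCode: service errors are positive, 1 is success.
enum class ResponseCode : int32_t {
    NO_ERROR = 1,
    LOCKED = 2,
    SYSTEM_ERROR = 4,
    PERMISSION_DENIED = 6,
};

class KSSReturnCode {
  public:
    // Constructible only from one of the two domains; there is no
    // implicit conversion from a bare int.
    KSSReturnCode(ErrorCode e) : code_(static_cast<int32_t>(e)) {}
    KSSReturnCode(ResponseCode r) : code_(static_cast<int32_t>(r)) {}

    // Wire value sent to clients: both success codes coalesce onto 1,
    // every error keeps its own sign and magnitude.
    explicit operator int32_t() const { return coalesce(code_); }

    // True for ErrorCode::OK (0) or ResponseCode::NO_ERROR (1).
    bool isOk() const { return code_ == 0 || code_ == 1; }

    // Comparisons treat the two success values as equal to each other.
    bool operator==(ErrorCode e) const {
        return coalesce(code_) == coalesce(static_cast<int32_t>(e));
    }
    bool operator==(ResponseCode r) const {
        return coalesce(code_) == coalesce(static_cast<int32_t>(r));
    }
    bool operator!=(ErrorCode e) const { return !(*this == e); }
    bool operator!=(ResponseCode r) const { return !(*this == r); }

  private:
    static int32_t coalesce(int32_t c) { return c == 0 ? 1 : c; }
    int32_t code_;
};

// Constructed service entry point that mixes both domains: a permission
// check (ResponseCode) in front of a simulated HAL result (ErrorCode).
KSSReturnCode exampleOperation(bool callerPermitted, ErrorCode halResult) {
    if (!callerPermitted) return ResponseCode::PERMISSION_DENIED;
    return halResult;
}

// What a client would see after serialization.
int32_t serializeForClient(KSSReturnCode rc) { return static_cast<int32_t>(rc); }

int main() {
    KSSReturnCode ok = exampleOperation(true, ErrorCode::OK);
    KSSReturnCode denied = exampleOperation(false, ErrorCode::OK);
    KSSReturnCode badArg = exampleOperation(true, ErrorCode::INVALID_ARGUMENT);
    std::cout << serializeForClient(ok) << ' ' << serializeForClient(denied) << ' '
              << serializeForClient(badArg) << '\n';  // prints "1 6 -38"
    return (ok.isOk() && !denied.isOk() && !badArg.isOk()) ? 0 : 1;
}
```

The point worth noting is that a caller checking `rc == ErrorCode::OK` on a path that happened to succeed through the service layer (code 1) would still get true, because comparison goes through the same coalescing as serialization; without that, the two success values would silently diverge depending on which layer produced them.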
c1d1feee514e6138e1ed8ff924f5453ba8e1408a 27-Jan-2016 Shawn Willden <swillden@google.com> Refactor keystore.

This CL isn't nearly as big as it looks. It doesn't change keystore
functionality, it just moves all of the classes out of the former
keystore.cpp into their own .h and .cpp files.

Note that this is a cherry-pick from:

https://android-review.googlesource.com/#/c/194971

Change-Id: Ide326c4f1d03984994d1bd9a76fa68d37da230dc
/system/security/keystore/blob.cpp