6d449e8f4317b064c7868957b8ecc4472237d19e | 08-Jun-2017 | Janis Danisevskis <jdanis@google.com>
Refurbish granting mechanism

Keystore stores key blobs with filenames that include the symbolic name and the uid of the owner. This behaviour should have been completely opaque to the user of keystore. However, the granting mechanism, by which an app can allow another app to use one of its keys, leaked the internal structure in that the grantee had to specify the key name with the granter's uid prefix in order to use the granted key. This in turn collided with prefix handling in other parts of the framework.

This patch refurbishes the granting mechanism such that keystore can choose a name for the grant. It uses the original symbolic key name as prefix and appends _KEYSTOREGRANT_<grant_no> where the grant_no is chosen as first free slot starting from 0. Each uid has its own grant_no space.

This changes the grant call such that it now returns a string, which is the alias name of the newly created grant. The string is empty if the grant operation failed.

As before, apps can still mask granted keys by importing a key with the exact same name including the added suffix. But everybody deserves the right to shoot themselves in the foot if they really want to.

Bug: 37264540
Bug: 62237038
Test: run cts-dev --module CtsDevicePolicyManagerTestCases --test com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement because it grants a key
Change-Id: I723c44c7ae6782c8de42063744717d088cd49ba1
/system/security/keystore/include/keystore/IKeystoreService.h

5aa93e08a8715cfcec5f52fb4ffe41ba1a9bad50 | 24-Apr-2017 | Bartosz Fabianowski <bartfab@google.com>
Add device ID attestation method to keymaster

Device ID attestation consists of three steps:
* Generate a temporary key
* Attest the key and desired device IDs
* Delete the temporary key

Rather than being spread over three keymaster APIs, these operations should happen automatically in a single keymaster method.

Bug: 34734938
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: Icbbc2dfc84f8b4f39d0e7ea880844d4f38b63f66
/system/security/keystore/include/keystore/IKeystoreService.h

c7a9fa29c185a8c1889486d4acf00fd59c513870 | 13-Oct-2016 | Janis Danisevskis <jdanis@google.com>
Port to binderized keymaster HAL

This patch ports keystore to the HIDL based binderized keymaster HAL. Keystore has no more dependencies on legacy keymaster headers, and therefore data structures, constant declarations, or enums. All keymaster related data structures and enums used by keystore are the ones defined by the HIDL based keymaster HAL definition.

In the process of porting, keystore underwent some changes:

* Keystore got a new implementation of AuthorizationSet that is fully based on the new HIDL data structures. Key parameters are now either organised as AuthorizationSets or hidl_vec<KeyParameter>. (Formerly, this was a mixture of keymaster's AuthorizationSet, std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.) The former is used for memory management and provides algorithms for assembling, joining, and subtracting sets of parameters. The latter is used as wire format for the HAL IPC; it can wrap the memory owned by an AuthorizationSet for this purpose. The AuthorizationSet is accompanied by a new implementation of type safe functions for creating and accessing tagged key parameters, Authorizations (keystore/keymaster_tags.h).

* A new type (KSSReturnCode) was introduced that wraps keystore service response codes. Keystore has two sets of error codes. ErrorCode errors are less than 0 and use 0 as success value. ResponseCode errors are greater than zero and use 1 as success value. This patch changes ResponseCode to be an enum class so that it is no longer assignable to int without a cast. The new return type can only be initialized by ResponseCode or ErrorCode and when accessed as int32_t, which happens on serialization when the response is sent to a client, the success values are coalesced onto 1 as expected by the clients. KSSReturnCode is also comparable to ResponseCode and ErrorCode, and the predicate isOk() returns true if it was initialized with either ErrorCode::OK (0) or ResponseCode::NO_ERROR (1).

* A bug was fixed that caused the keystore verify function to return success, regardless of the input, internal errors, or lack of permissions.

* The marshalling code in IKeystoreService.cpp was rewritten. For data structures that are known to keymaster, the client facing side of keystore uses HIDL based data structures as (target) source for (un)marshaling to avoid further conversion. hidl_vecs are used to wrap parcel memory without copying and taking ownership where possible.

* Explicit use of malloc is reduced (malloc was required by the C nature of the old HAL). The new implementations avoid explicit use of malloc/new and waive the use of pointers for return values. Instead, functions return by value objects that take ownership of secondary memory allocations where required.

Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts
Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
/system/security/keystore/include/keystore/IKeystoreService.h

9c28dd5f2797510c3da719144247e867c58c6e18 | 06-Oct-2016 | Tucker Sylvestro <tuckeris@google.com>
resolve merge conflicts of 0ab28b7 to nyc-mr1-dev-plus-aosp

Test: Built with ". build/envsetup.sh && lunch shamu-eng && make -j32"
Change-Id: I4b3081c2b9091fa2d66c717f5d57dc6e567c50e2

0ab28b78bd06a06a0ffa150cef5876d56212902a | 06-Aug-2016 | Tucker Sylvestro <tuckeris@google.com>
Support and use TAG_ALLOW_WHILE_ON_BODY

There are three changes in this CL:
1. Persist all characteristics provided at the time of key creation. We do this to avoid device-specific keymaster implementations stripping keys they are not aware of.
2. Add an onDeviceOffBody API method that will be called whenever a wearable device is detected to have been removed.
3. Check whether a key was created with TAG_ALLOW_WHILE_ON_BODY and the device has gone off-body since the last auth event when deciding whether it can be used.

BUG: 30701680
BUG: 28911985
Change-Id: I6be3af3dee8e576fe713dfdd726502d8b333f224
/system/security/keystore/include/keystore/IKeystoreService.h

386ee11839caba77fac37649126d4d4a9c7d662e | 28-Sep-2016 | Chad Brubaker <cbrubaker@google.com>
Merge "KeyCharacteristics implement Parcelable interface"

3ccb1332747de211d700edc5348c413d41d49180 | 28-Sep-2016 | Chad Brubaker <cbrubaker@google.com>
Merge changes I6873ee37,Ia18ee6e4

* changes:
  ExportResult implement Parcelable interface
  OperationResult implements Parcelable interface

863f16fd627787466d99b44386e586bb797a7f10 | 25-Aug-2016 | Bin Chen <pierr.chen@gmail.com>
KeyCharacteristics implement Parcelable interface

Simplify the code and prepare for the switch to cpp-aidl generated interface, proxy and stub file.

Change-Id: If4cd831b2bbeaa305393a4732b72231ce596f5ef
Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/include/keystore/IKeystoreService.h

96d62710a078ec04e43d7518a04de7d1fd691c93 | 25-Aug-2016 | Bin Chen <pierr.chen@gmail.com>
ExportResult implement Parcelable interface

Simplify the code and prepare for the switch to cpp-aidl generated interface, proxy and stub file.

Change-Id: I6873ee376642e62aff8cd88da7bdcb6f16d30df7
Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/include/keystore/IKeystoreService.h

9ec9270dbb274060d008c49a61fb196a533f5191 | 25-Aug-2016 | Bin Chen <pierr.chen@gmail.com>
OperationResult implements Parcelable interface

Simplify the code and prepare for the switch to cpp-aidl generated interface, proxy and stub file.

Change-Id: Ia18ee6e47df540100f10be013084226dfc5cec7c
Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/include/keystore/IKeystoreService.h

eb1adaf56d7256c3948c75b8502066604dd97f68 | 03-Feb-2016 | Shawn Willden <swillden@google.com>
Fix various memory errors.

Bug: 26910835
Change-Id: I2973221a798b08bbde6dc7ac5464a99b2dc26b4d
/system/security/keystore/include/keystore/IKeystoreService.h

067042f6d7be14cb0f01388c41af597caf8e60fe | 03-Feb-2016 | Shawn Willden <swillden@google.com>
Fix various memory errors.

Bug: 26910835
Change-Id: I2973221a798b08bbde6dc7ac5464a99b2dc26b4d
/system/security/keystore/include/keystore/IKeystoreService.h

b3bb39218888c573c1b341d3ee11516b9ad2d3b4 | 29-Jan-2016 | Shawn Willden <swillden@google.com>
Merge changes from topic 'km_tag_allow_on_body' am: a1433ee2f8 am: e30ca16ae0

* commit 'e30ca16ae0e41375201de9132866f5680a5d7baa':
  Add KM_TAG_ALLOW_WHILE_ON_BODY
  Add attestation support to keystore.

50eb1b2f89ca455b2e9caa635bfe0b5ed94b416a | 21-Jan-2016 | Shawn Willden <swillden@google.com>
Add attestation support to keystore.

Bug: 22914603
Change-Id: I14fbfbe30b96c5c29278fa548e06b65f15942fe2
/system/security/keystore/include/keystore/IKeystoreService.h

ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e | 09-Sep-2015 | Chad Brubaker <cbrubaker@google.com>
Allow uid to be passed for more operations

This expands get, getmtime, exportKey, getKeyCharacteristics and begin to accept a uid to run as. This is only for system to use keys owned by Wifi and VPN, and not something that can be used to do operations as another arbitrary application.

Bug: 23978113
Change-Id: If076d61b0cc9d55e96272e49a58938c3961e2dda
/system/security/keystore/include/keystore/IKeystoreService.h

b2d68d151b68153f92fc9e615ad164e3ce873fb6 | 03-Jun-2015 | Chad Brubaker <cbrubaker@google.com>
resolved conflicts for merge of 57e106dc to mnc-dev-plus-aosp

Change-Id: I7d753e87c43945a1a02bfa2d62000ffb96aea858

57e106dc183744cdc05c62bea11bc285b3346846 | 01-Jun-2015 | Chad Brubaker <cbrubaker@google.com>
Track keymaster method changes

Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/include/keystore/IKeystoreService.h

8cfb8ac6e9bd291e9d861a32de2719e3bc797191 | 29-May-2015 | Chad Brubaker <cbrubaker@google.com>
Add optional additional entropy to finish

If provided the extra entropy will be added to the device before calling finish. If entropy is provided and the device does not support supplying additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.

Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/include/keystore/IKeystoreService.h

e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8 | 13-May-2015 | Chad Brubaker <cbrubaker@google.com>
Cleanup keystore API

Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state.

(cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9)

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h

c0f031a867a6c3fa05732fcd72bd284d56073cf8 | 12-May-2015 | Chad Brubaker <cbrubaker@google.com>
Add onUserAdded/Removed methods

These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods.

(cherry-picked from commit fd777e7111ce01c672706867302db08371e5afce)

Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h

9443616391a705856b2cad026afb69dc23a346e9 | 13-May-2015 | Chad Brubaker <cbrubaker@google.com>
Cleanup keystore API

Remove old methods that were replaced by onUser* methods, rename methods with unclear names, and add userId parameters to all operations that operate with per user state.

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h

fd777e7111ce01c672706867302db08371e5afce | 12-May-2015 | Chad Brubaker <cbrubaker@google.com>
Add onUserAdded/Removed methods

These will handle the logic of Android users being added/removed from the device instead of the system calling the various reset/sync methods.

Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h

eecdd12d83b3a602ecbfaee71dd85aa678eb8c99 | 07-May-2015 | Chad Brubaker <cbrubaker@google.com>
Cleanup password change and removal logic.

Replace password with notifyUserPasswordChanged for password changes; unlock should now be used to unlock keystore instead of calling password with the current password.

When the user removes their password, now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set.

(cherry-picked from commit 96d6d7868303ad87f1f408c40d3c44bcb39f561e)

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h

96d6d7868303ad87f1f408c40d3c44bcb39f561e | 07-May-2015 | Chad Brubaker <cbrubaker@google.com>
Cleanup password change and removal logic.

Replace password with notifyUserPasswordChanged for password changes; unlock should now be used to unlock keystore instead of calling password with the current password.

When the user removes their password, now only keystore entries that were created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will remain. This makes it more concrete that the keystore could be non-empty while in STATE_UNINITIALIZED, though this was previously possible due to the state only being checked if FLAG_ENCRYPTED was set.

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h

96cf1b1ee907696cc4342c1b4992c657d0b6aa33 | 31-Mar-2015 | Chad Brubaker <cbrubaker@google.com>
Merge "Include operation handle in OperationResult"

41efb6a58c7efd63d3493f9095284c74ed363d46 | 30-Mar-2015 | Chad Brubaker <cbrubaker@google.com>
Merge "Add authorization binder methods"

154d7699cc30ef5156d6497258c4dd350fcb1286 | 27-Mar-2015 | Chad Brubaker <cbrubaker@google.com>
Allow entropy to be provided to some operations

generateKey and begin can now optionally take an array of bytes to add to the rng entropy of the device before the operation. If entropy is specified and the device does not support add_rng_entropy or the call fails then that device will not be used, leading to fallback or error depending on the situation.

Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/system/security/keystore/include/keystore/IKeystoreService.h

d663442b590b59250062335cc057478001b8e439 | 22-Mar-2015 | Chad Brubaker <cbrubaker@google.com>
Make client/app ids objects in the binder API

Previously a null client/app id was translated into a blob with length=0, data=NULL, but this was a bit janky and required null ids to be set on key creation/import.

Change-Id: I27607a50f4dc5a898625b569f5293369f0039eba
/system/security/keystore/include/keystore/IKeystoreService.h

2ed2baa7de690b09430b40625e6b18d10757a2fd | 22-Mar-2015 | Chad Brubaker <cbrubaker@google.com>
Add authorization binder methods

Add methods for sending an auth token to keystore and to query the authorization state of a given operation. These methods are currently stubs until authorization is implemented.

Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
/system/security/keystore/include/keystore/IKeystoreService.h

c3a1856bbe2e39d5b3430f5f088b12fd710a159f | 18-Mar-2015 | Chad Brubaker <cbrubaker@google.com>
Include operation handle in OperationResult

Some authorization code needs to know the actual underlying operation handle, not simply a reference to it, so return it in case it is needed. Note that the handle cannot be used by the application to reference an operation.

Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
/system/security/keystore/include/keystore/IKeystoreService.h

40a1a9b306d4e3c85b24f80ff39841507cf42357 | 20-Feb-2015 | Chad Brubaker <cbrubaker@google.com>
Implement keymaster 1.0 crypto operations

Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/include/keystore/IKeystoreService.h

9899d6b392e8223c3c00bfccadd43b18cdc96b4f | 03-Feb-2015 | Chad Brubaker <cbrubaker@google.com>
Add Keymaster 1.0 binder methods

Add all the serialization required for the new keystore binder API to support keymaster 1.0. The keystore methods themselves are left as stubs, will be filled in in later commits.

Change-Id: Ibb5855dba879ae35c375c087c54d1bcdca53163f
/system/security/keystore/include/keystore/IKeystoreService.h

6266c9670154d33488c2d31d1715b2a35f5e631b | 05-Mar-2015 | Chad Brubaker <cbrubaker@google.com>
Revert "Add Keymaster 0.4 binder methods"

This reverts commit c5b1ae13eca39a1f63cc690369d1eee445d3c399.

Change-Id: Ib46a54493c332811c0aa84aa7c1cf12938daedbe
/system/security/keystore/include/keystore/IKeystoreService.h

c5b1ae13eca39a1f63cc690369d1eee445d3c399 | 03-Feb-2015 | Chad Brubaker <cbrubaker@google.com>
Add Keymaster 0.4 binder methods

Add all the serialization required for the new keystore binder API to support keymaster 0.4. The keystore methods themselves are left as stubs, will be filled in in later commits.

Change-Id: I52f36c92f6398c71b0ec6b4c8afbffbd226e0afe
/system/security/keystore/include/keystore/IKeystoreService.h

4e865753346fc6a075966972a7a98051818859db | 19-Aug-2014 | Robin Lee <rgl@google.com>
APIs for syncing password between profiles

Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/system/security/keystore/include/keystore/IKeystoreService.h

1b0e3933900c7ea21189704d5db64e7346aee7af | 05-Sep-2013 | Kenny Root <kroot@google.com>
Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query a key type. Now there is DSA, EC, and RSA, so there needs to be another argument.

Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/include/keystore/IKeystoreService.h

96427baf0094d50047049d329b0779c3c910402c | 16-Aug-2013 | Kenny Root <kroot@google.com>
Add support for DSA and ECDSA key types

(cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d)

Bug: 10600582
Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/include/keystore/IKeystoreService.h

0c540aad5915e6aa34345049be96f28b64d0e84c | 03-Apr-2013 | Kenny Root <kroot@google.com>
keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob encryption optional. As more hardware-assisted keystores (i.e., hardware that has a Keymaster HAL) come around, encrypting blobs starts to make less sense since the thing it's encrypting is usually a token and not any raw key material.

Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
/system/security/keystore/include/keystore/IKeystoreService.h

2ecc7a1efbb21d86d38b9e0348dfbf0e1213d920 | 02-Apr-2013 | Kenny Root <kroot@google.com>
keystore: command to clear all keys for UID

Add ability for system UID to clear all entries for a different UID.

(cherry picked from commit a9bb549868035e05450a9b918f8d7de9deca5343)

Bug: 3020069
Change-Id: Ibd5ce287f024b89df3dd7bfc3a4e5f979a34c75c
/system/security/keystore/include/keystore/IKeystoreService.h

4306123e81371bd8bd85f77c2375d29ac53ff771 | 29-Mar-2013 | Kenny Root <kroot@google.com>
keystore: add API to query storage type

Add an API to query the HAL to see what kind of storage it reports the device is.

(cherry picked from commit 8ddf35a6e1fd80a7d0685041d2bfc77078277c9d)

Change-Id: I04a9421053a0b8bbe4f0dd73fefdfdbe4ab4add9
/system/security/keystore/include/keystore/IKeystoreService.h

d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf | 21-Mar-2013 | Kenny Root <kroot@google.com>
keystore: change migrate to duplicate

After discussion, it was determined that duplicate would be less disruptive and it still fit in the current HAL model.

Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/include/keystore/IKeystoreService.h

0225407783ee339164a0cd8ca5ef04c99d27c59a | 20-Mar-2013 | Kenny Root <kroot@google.com>
keystore: add "migrate" command

To support the WiFi service, we need to support migration from the system UID to the wifi UID. This adds a command to achieve the migration.

Bug: 8122243
Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/include/keystore/IKeystoreService.h

b88c3eb96625513df4cc998d739d17266ebaf89f | 13-Feb-2013 | Kenny Root <kroot@google.com>
keystore: add UID to certain APIs

This will allow explicit indication of which UID to put things under for trusted UIDs (e.g., system UID) in a future change instead of putting things only in the calling UID.

Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/include/keystore/IKeystoreService.h

07438c8d7256d3788dac323b4d0055f201e0bec9 | 02-Nov-2012 | Kenny Root <kroot@google.com>
Switch keystore to binder

Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/include/keystore/IKeystoreService.h