History log of /system/security/keystore/include/keystore/IKeystoreService.h
Revision Date Author Comments
6d449e8f4317b064c7868957b8ecc4472237d19e 08-Jun-2017 Janis Danisevskis <jdanis@google.com> Refurbish granting mechanism

Keystore stores key blobs with filenames that include the symbolic
name and the uid of the owner. This behaviour should have been
completely opaque to the user of keystore. However, the granting mechanism,
by which an app can allow another app to use one of its keys, leaked the
internal structure in that the grantee had to specify the key name with
the granter's uid prefix in order to use the granted key. This in turn
collided with prefix handling in other parts of the framework.

This patch refurbishes the granting mechanism such that keystore can
choose a name for the grant. It uses the original symbolic key name as
prefix and appends _KEYSTOREGRANT_<grant_no>, where the grant_no is
chosen as the first free slot starting from 0. Each uid has its own grant_no
space.

This changes the grant call such that it now returns a string, which is
the alias name of the newly created grant. The string is empty if the
grant operation failed.

As before, apps can still mask granted keys by importing a key with the
exact same name including the added suffix. But everybody deserves the
right to shoot themselves in the foot if they really want to.

Bug: 37264540
Bug: 62237038
Test: run cts-dev --module CtsDevicePolicyManagerTestCases --test
com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
because it grants a key

Change-Id: I723c44c7ae6782c8de42063744717d088cd49ba1
/system/security/keystore/include/keystore/IKeystoreService.h
5aa93e08a8715cfcec5f52fb4ffe41ba1a9bad50 24-Apr-2017 Bartosz Fabianowski <bartfab@google.com> Add device ID attestation method to keymaster

Device ID attestation consists of three steps:
* Generate a temporary key
* Attest the key and desired device IDs
* Delete the temporary key

Rather than being spread over three keymaster APIs, these operations
should happen automatically in a single keymaster method.

Bug: 34734938
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: Icbbc2dfc84f8b4f39d0e7ea880844d4f38b63f66
/system/security/keystore/include/keystore/IKeystoreService.h
c7a9fa29c185a8c1889486d4acf00fd59c513870 13-Oct-2016 Janis Danisevskis <jdanis@google.com> Port to binderized keymaster HAL

This patch ports keystore to the HIDL based binderized keymaster HAL.
Keystore has no more dependencies on legacy keymaster headers, and
therefore data structures, constant declarations, or enums. All
keymaster related data structures and enums used by keystore are the
ones defined by the HIDL based keymaster HAL definition. In the process
of porting, keystore underwent some changes:

* Keystore got a new implementation of AuthorizationSet that is fully
based on the new HIDL data structures. Key parameters are now either
organised as AuthorizationSets or hidl_vec<KeyParameter>. (Formerly,
this was a mixture of keymaster's AuthorizationSet,
std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.) The
former is used for memory management and provides algorithms for
assembling, joining, and subtracting sets of parameters. The latter
is used as wire format for the HAL IPC; it can wrap the memory owned
by an AuthorizationSet for this purpose. The AuthorizationSet is
accompanied by a new implementation of type safe functions for
creating and accessing tagged key parameters,
Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service
response codes. Keystore has two sets of error codes. ErrorCode
errors are less than 0 and use 0 as success value. ResponseCode
errors are greater than zero and use 1 as success value. This patch
changes ResponseCode to be an enum class so that it is no longer
assignable to int without a cast. The new return type can only be
initialized by ResponseCode or ErrorCode and when accessed as int32_t,
which happens on serialization when the response is sent to a client,
the success values are coalesced onto 1 as expected by the
clients. KSSReturnCode is also comparable to ResponseCode and
ErrorCode, and the predicate isOk() returns true if it was initialized
with either ErrorCode::OK (0) or ResponseCode::NO_ERROR (1).
* A bug was fixed that caused the keystore verify function to return
success, regardless of the input, internal errors, or lack of
permissions.
* The marshalling code in IKeystoreService.cpp was rewritten. For data
structures that are known to keymaster, the client facing side of
keystore uses HIDL based data structures as (target) source
for (un)marshaling to avoid further conversion. hidl_vecs are used to
wrap parcel memory without copying and taking ownership where
possible.
* Explicit use of malloc is reduced (malloc was required by the C nature
of the old HAL). The new implementations avoid explicit use of
malloc/new and waive the use of pointers for return values. Instead,
functions return by value objects that take ownership of secondary
memory allocations where required.

Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts

Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
/system/security/keystore/include/keystore/IKeystoreService.h
9c28dd5f2797510c3da719144247e867c58c6e18 06-Oct-2016 Tucker Sylvestro <tuckeris@google.com> resolve merge conflicts of 0ab28b7 to nyc-mr1-dev-plus-aosp

Test: Built with ". build/envsetup.sh && lunch shamu-eng && make -j32"

Change-Id: I4b3081c2b9091fa2d66c717f5d57dc6e567c50e2
0ab28b78bd06a06a0ffa150cef5876d56212902a 06-Aug-2016 Tucker Sylvestro <tuckeris@google.com> Support and use TAG_ALLOW_WHILE_ON_BODY

There are three changes in this CL:
1. Persist all characteristics provided at the time of key creation.
We do this to avoid device-specific keymaster implementations
stripping keys they are not aware of.
2. Add an onDeviceOffBody API method that will be called whenever a
wearable device is detected to have been removed.
3. Check whether a key was created with TAG_ALLOW_WHILE_ON_BODY and
the device has gone off-body since the last auth event when
deciding whether it can be used.

BUG: 30701680
BUG: 28911985
Change-Id: I6be3af3dee8e576fe713dfdd726502d8b333f224
/system/security/keystore/include/keystore/IKeystoreService.h
386ee11839caba77fac37649126d4d4a9c7d662e 28-Sep-2016 Chad Brubaker <cbrubaker@google.com> Merge "KeyCharacteristics implement Parcelable interface"
3ccb1332747de211d700edc5348c413d41d49180 28-Sep-2016 Chad Brubaker <cbrubaker@google.com> Merge changes I6873ee37,Ia18ee6e4

* changes:
ExportResult implement Parcelable interface
OperationResult implements Parcelable interface
863f16fd627787466d99b44386e586bb797a7f10 25-Aug-2016 Bin Chen <pierr.chen@gmail.com> KeyCharacteristics implement Parcelable interface

Simplify the code and prepare for the switch to cpp-aidl generated
interface, proxy and stub file.

Change-Id: If4cd831b2bbeaa305393a4732b72231ce596f5ef
Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/include/keystore/IKeystoreService.h
96d62710a078ec04e43d7518a04de7d1fd691c93 25-Aug-2016 Bin Chen <pierr.chen@gmail.com> ExportResult implement Parcelable interface

Simplify the code and prepare for the switch to cpp-aidl generated
interface, proxy and stub file.

Change-Id: I6873ee376642e62aff8cd88da7bdcb6f16d30df7
Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/include/keystore/IKeystoreService.h
9ec9270dbb274060d008c49a61fb196a533f5191 25-Aug-2016 Bin Chen <pierr.chen@gmail.com> OperationResult implements Parcelable interface

Simplify the code and prepare for the switch to cpp-aidl generated
interface, proxy and stub file.

Change-Id: Ia18ee6e47df540100f10be013084226dfc5cec7c
Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/include/keystore/IKeystoreService.h
eb1adaf56d7256c3948c75b8502066604dd97f68 03-Feb-2016 Shawn Willden <swillden@google.com> Fix various memory errors.

Bug: 26910835
Change-Id: I2973221a798b08bbde6dc7ac5464a99b2dc26b4d
/system/security/keystore/include/keystore/IKeystoreService.h
067042f6d7be14cb0f01388c41af597caf8e60fe 03-Feb-2016 Shawn Willden <swillden@google.com> Fix various memory errors.

Bug: 26910835
Change-Id: I2973221a798b08bbde6dc7ac5464a99b2dc26b4d
/system/security/keystore/include/keystore/IKeystoreService.h
b3bb39218888c573c1b341d3ee11516b9ad2d3b4 29-Jan-2016 Shawn Willden <swillden@google.com> Merge changes from topic 'km_tag_allow_on_body' am: a1433ee2f8
am: e30ca16ae0

* commit 'e30ca16ae0e41375201de9132866f5680a5d7baa':
Add KM_TAG_ALLOW_WHILE_ON_BODY
Add attestation support to keystore.
50eb1b2f89ca455b2e9caa635bfe0b5ed94b416a 21-Jan-2016 Shawn Willden <swillden@google.com> Add attestation support to keystore.

Bug: 22914603
Change-Id: I14fbfbe30b96c5c29278fa548e06b65f15942fe2
/system/security/keystore/include/keystore/IKeystoreService.h
ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e 09-Sep-2015 Chad Brubaker <cbrubaker@google.com> Allow uid to be passed for more operations

This expands get, getmtime, exportKey, getKeyCharacteristics and begin to
accept a uid to run as. This is only for system to use keys owned by
Wifi and VPN, and not something that can be used to do operations as
another arbitrary application.

Bug: 23978113
Change-Id: If076d61b0cc9d55e96272e49a58938c3961e2dda
/system/security/keystore/include/keystore/IKeystoreService.h
b2d68d151b68153f92fc9e615ad164e3ce873fb6 03-Jun-2015 Chad Brubaker <cbrubaker@google.com> resolved conflicts for merge of 57e106dc to mnc-dev-plus-aosp

Change-Id: I7d753e87c43945a1a02bfa2d62000ffb96aea858
57e106dc183744cdc05c62bea11bc285b3346846 01-Jun-2015 Chad Brubaker <cbrubaker@google.com> Track keymaster method changes

Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/include/keystore/IKeystoreService.h
8cfb8ac6e9bd291e9d861a32de2719e3bc797191 29-May-2015 Chad Brubaker <cbrubaker@google.com> Add optional additional entropy to finish

If provided, the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.

Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/include/keystore/IKeystoreService.h
e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8 13-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup keystore API

Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate with per user state.

(cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9)

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h
c0f031a867a6c3fa05732fcd72bd284d56073cf8 12-May-2015 Chad Brubaker <cbrubaker@google.com> Add onUserAdded/Removed methods

These will handle the logic of Android users being added/removed from
the device instead of the system calling the various reset/sync methods.

(cherry-picked from commit fd777e7111ce01c672706867302db08371e5afce)

Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h
9443616391a705856b2cad026afb69dc23a346e9 13-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup keystore API

Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate with per user state.

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/include/keystore/IKeystoreService.h
fd777e7111ce01c672706867302db08371e5afce 12-May-2015 Chad Brubaker <cbrubaker@google.com> Add onUserAdded/Removed methods

These will handle the logic of Android users being added/removed from
the device instead of the system calling the various reset/sync methods.

Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/include/keystore/IKeystoreService.h
eecdd12d83b3a602ecbfaee71dd85aa678eb8c99 07-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup password change and removal logic.

Replace password with notifyUserPasswordChanged for password changes;
unlock should now be used to unlock keystore instead of calling password
with the current password.

When the user removes their password, now only keystore entries that were
created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.

(cherry-picked from commit 96d6d7868303ad87f1f408c40d3c44bcb39f561e)

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h
96d6d7868303ad87f1f408c40d3c44bcb39f561e 07-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup password change and removal logic.

Replace password with notifyUserPasswordChanged for password changes;
unlock should now be used to unlock keystore instead of calling password
with the current password.

When the user removes their password, now only keystore entries that were
created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/include/keystore/IKeystoreService.h
96cf1b1ee907696cc4342c1b4992c657d0b6aa33 31-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Include operation handle in OperationResult"
41efb6a58c7efd63d3493f9095284c74ed363d46 30-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Add authorization binder methods"
154d7699cc30ef5156d6497258c4dd350fcb1286 27-Mar-2015 Chad Brubaker <cbrubaker@google.com> Allow entropy to be provided to some operations

generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.

Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/system/security/keystore/include/keystore/IKeystoreService.h
d663442b590b59250062335cc057478001b8e439 22-Mar-2015 Chad Brubaker <cbrubaker@google.com> Make client/app ids objects in the binder API

Previously a null client/app id was translated into a blob with
length=0, data=NULL, but this was a bit janky and required null ids to
be set on key creation/import.

Change-Id: I27607a50f4dc5a898625b569f5293369f0039eba
/system/security/keystore/include/keystore/IKeystoreService.h
2ed2baa7de690b09430b40625e6b18d10757a2fd 22-Mar-2015 Chad Brubaker <cbrubaker@google.com> Add authorization binder methods

Add methods for sending an auth token to keystore and to query the
authorization state of a given operation. These methods are currently
stubs until authorization is implemented.

Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
/system/security/keystore/include/keystore/IKeystoreService.h
c3a1856bbe2e39d5b3430f5f088b12fd710a159f 18-Mar-2015 Chad Brubaker <cbrubaker@google.com> Include operation handle in OperationResult

Some authorization code needs to know the actual underlying operation
handle, not simply a reference to it, so return it in case it is needed.
Note that the handle cannot be used by the application to reference an
operation.

Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
/system/security/keystore/include/keystore/IKeystoreService.h
40a1a9b306d4e3c85b24f80ff39841507cf42357 20-Feb-2015 Chad Brubaker <cbrubaker@google.com> Implement keymaster 1.0 crypto operations

Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/include/keystore/IKeystoreService.h
9899d6b392e8223c3c00bfccadd43b18cdc96b4f 03-Feb-2015 Chad Brubaker <cbrubaker@google.com> Add Keymaster 1.0 binder methods

Add all the serialization required for the new keystore binder API to
support keymaster 1.0. The keystore methods themselves are left as
stubs; they will be filled in in later commits.

Change-Id: Ibb5855dba879ae35c375c087c54d1bcdca53163f
/system/security/keystore/include/keystore/IKeystoreService.h
6266c9670154d33488c2d31d1715b2a35f5e631b 05-Mar-2015 Chad Brubaker <cbrubaker@google.com> Revert "Add Keymaster 0.4 binder methods"

This reverts commit c5b1ae13eca39a1f63cc690369d1eee445d3c399.

Change-Id: Ib46a54493c332811c0aa84aa7c1cf12938daedbe
/system/security/keystore/include/keystore/IKeystoreService.h
c5b1ae13eca39a1f63cc690369d1eee445d3c399 03-Feb-2015 Chad Brubaker <cbrubaker@google.com> Add Keymaster 0.4 binder methods

Add all the serialization required for the new keystore binder API to
support keymaster 0.4. The keystore methods themselves are left as
stubs; they will be filled in in later commits.

Change-Id: I52f36c92f6398c71b0ec6b4c8afbffbd226e0afe
/system/security/keystore/include/keystore/IKeystoreService.h
4e865753346fc6a075966972a7a98051818859db 19-Aug-2014 Robin Lee <rgl@google.com> APIs for syncing password between profiles

Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/system/security/keystore/include/keystore/IKeystoreService.h
1b0e3933900c7ea21189704d5db64e7346aee7af 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/include/keystore/IKeystoreService.h
96427baf0094d50047049d329b0779c3c910402c 16-Aug-2013 Kenny Root <kroot@google.com> Add support for DSA and ECDSA key types

(cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d)

Bug: 10600582
Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/include/keystore/IKeystoreService.h
0c540aad5915e6aa34345049be96f28b64d0e84c 03-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs starts to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

Bug: 8122243
Change-Id: I7d70122beb32b59f06a923ade93234393b75a2cd
/system/security/keystore/include/keystore/IKeystoreService.h
2ecc7a1efbb21d86d38b9e0348dfbf0e1213d920 02-Apr-2013 Kenny Root <kroot@google.com> keystore: command to clear all keys for UID

Add ability for system UID to clear all entries for a different UID.

(cherry picked from commit a9bb549868035e05450a9b918f8d7de9deca5343)

Bug: 3020069
Change-Id: Ibd5ce287f024b89df3dd7bfc3a4e5f979a34c75c
/system/security/keystore/include/keystore/IKeystoreService.h
4306123e81371bd8bd85f77c2375d29ac53ff771 29-Mar-2013 Kenny Root <kroot@google.com> keystore: add API to query storage type

Add an API to query the HAL to see what kind of storage it reports the
device is.

(cherry picked from commit 8ddf35a6e1fd80a7d0685041d2bfc77078277c9d)

Change-Id: I04a9421053a0b8bbe4f0dd73fefdfdbe4ab4add9
/system/security/keystore/include/keystore/IKeystoreService.h
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf 21-Mar-2013 Kenny Root <kroot@google.com> keystore: change migrate to duplicate

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.

Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/include/keystore/IKeystoreService.h
0225407783ee339164a0cd8ca5ef04c99d27c59a 20-Mar-2013 Kenny Root <kroot@google.com> keystore: add "migrate" command

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.

Bug: 8122243
Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/include/keystore/IKeystoreService.h
b88c3eb96625513df4cc998d739d17266ebaf89f 13-Feb-2013 Kenny Root <kroot@google.com> keystore: add UID to certain APIs

This will allow explicit indication of which UID to put things under for
trusted UIDs (e.g., system UID) in a future change instead of putting
things only in the calling UID.

Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/include/keystore/IKeystoreService.h
07438c8d7256d3788dac323b4d0055f201e0bec9 02-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/include/keystore/IKeystoreService.h