History log of /system/security/keystore/keystore.cpp
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
af7783f735a56bebc5241bfe1a89db5944e3e06c 21-Sep-2017 Janis Danisevskis <jdanis@google.com> Fix multiple issues with the keystore grant mechanism

1. Ungrant did not check the callers uid which allowed any caller
to remove grants to any key.
2. Grants were not removed when a key was deleted.
3. clean_uid did not clear the grant cache of the target uid.
This would leave state grants that could have been used
by a new app that happend to get the same uid as the one
that was previously uninstalled.
4. Various paths did not respect grants: del, exist, getmtime
The del path was particularly awkward because it is required
by upgradeKeyBlob. This means it must work when a key that needs
upgrading is accessed through a grant alias.

Bug: 65851049
Merged-In: I6709b7562d47ad6156bee88a9e2d961f8a4a797d
Change-Id: I6709b7562d47ad6156bee88a9e2d961f8a4a797d
/system/security/keystore/keystore.cpp
3f30364811676678084e7a459fa0f684f95d1221 21-Sep-2017 Janis Danisevskis <jdanis@google.com> Fixed two bugs that broke the keystore granting mechanism

Bug: 65851049

Merged-In: Ibea71d42934d283c95729eca6772a9aadb949a6a
Change-Id: Ibea71d42934d283c95729eca6772a9aadb949a6a
/system/security/keystore/keystore.cpp
00f94598c73b9b30a6855862b514dc53789b564c 21-Sep-2017 Janis Danisevskis <jdanis@google.com> Fix misnomer and resulting bug in keystore.cpp

On the upgrade path from keystore blobs version 0, the userId was
interpreted as uid which resulted in it being converted to a userId a
second time. This would result in keys belonging to other users
being assigned to the main user.

This patch fixes the bug and the misnomer that lead to the confusion.

Bug: 65851049
Merged-In: I91975310b6140929dcb6820aa8bd4c28b8e5de5e
Change-Id: I91975310b6140929dcb6820aa8bd4c28b8e5de5e
/system/security/keystore/keystore.cpp
687d8925ffb82902ea678a86aed875451b920b5d 12-Sep-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix retreiving characteristics file for grant key" into oc-mr1-dev
d3024ed1a4ba1f46737ffb14499c31ca667e631b 01-Sep-2017 Janis Danisevskis <jdanis@google.com> Fix retreiving characteristics file for grant key

getKeyForName was broken in case the name was a grant name and the
type was TYPE_KEY_CHARACTERISTICS. In this case the key blob instead of
the key characteristics blob was retreived.

Bug: 65200397
Bug: 37264540
Bug: 62237038
Test: run cts-dev --module CtsDevicePolicyManagerTestCases --test
com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
because it grants a key
Change-Id: I0746d60555b51d47ea19ab05b9da29164c8b71db
(cherry picked from commit 6905c336b29561abf7841cfa1bde5eeab62915e7)
/system/security/keystore/keystore.cpp
d714a676de8bf2bf87ea9b7efc04bc5a743eef45 01-Sep-2017 Janis Danisevskis <jdanis@google.com> Fix use of auth-bound keys after screen lock removal

When auth-bound keys are used after the screen lock has been removed it
is expected that getKeyCharacteristics still succeeds. However, when the
super encrypt feature was introduced the key blob is no longer
accessible, and thus, the retrieving the key characteristics fails.

This patch retrieves the key characteristics from the characteristics
cache file, which is not super encrypted. Using such a key still fails
but in ways expected by the framework.

Bug: 65200397
Test: CtsVerifier ScreenLockBoundKeysTest:
1. Run test
2. with CtsVerifier in the background remove the screen lock
through the settings dialog
3. Select VtsVerifier in 'recents'
4. Run test again

Change-Id: Ifa88c58a41c376e4f800a76114d4cf9149506ac0
(cherry picked from commit 36316d673ef836a0a34a62ab4ccce67d22c8a0d2)
/system/security/keystore/keystore.cpp
6d449e8f4317b064c7868957b8ecc4472237d19e 08-Jun-2017 Janis Danisevskis <jdanis@google.com> Refurbish granting mechanism

Keystore stores key blobs in with filenames that include the symbolic
name and the uid of the owner. This behaviour should have been
completely opaque to the user keystore. However, the granting mechanism,
by which an app can allow another app to use one of its keys, leaked the
internal structure in that the grantee had to specify the key name with
the granter's uid prefix in order to use the granted key. This in turn
collided with prefix handling in other parts of the framework.

This patch refurbishes the granting mechanism such that keystore can
choose a name for the grant. It uses the original symbolic key name as
prefix and appends _KEYSTOREGRANT_<grant_no> where the grant_no is
chosen as first free slot starting from 0. Each uid has its own grant_no
space.

This changes the grant call such that it now returns a string, which is
the alias name of the newly created grant. The string is empty if the
grant operation failed.

As before apps can still mask granted keys by importing a key with the
exact same name including the added suffix. But everybody deserves the
right to shoot themselves in the foot if they really want to.

Bug: 37264540
Bug: 62237038
Test: run cts-dev --module CtsDevicePolicyManagerTestCases --test
com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
because it grants a key

Change-Id: I723c44c7ae6782c8de42063744717d088cd49ba1
/system/security/keystore/keystore.cpp
e9830589dde19b080fbbfad5fdb1ae6e2955df68 18-Apr-2017 Shawn Willden <swillden@google.com> Use AES-GCM to encrypt keystore blobs.

Keystore currently uses AES-CBC to encrypt keystore blobs, plus an MD5
digest for authentication. This scheme is mildly broken (b/26804580),
but has not been replaced because keystore encryption was slated for
removal. In order to support cryptographic binding of keys to user
authentication on devices with trusted secure computing modules,
keystore encryption has temporarily become relevant again, until a
better solution can be constructed. Thus there's a motivation to
replace the broken scheme with a proper authenticated encryption mode.

Along the way, this CL also fixes a low-priority security vulnerability,
b/31824325.

Bug: 26804580
Bug: 31824325
Bug: 35849499
Test: Manually tested the new scheme and upgrading from the old scheme
Change-Id: I139f2a7b7a3c01eade4e2d2a674d49d027179d43
/system/security/keystore/keystore.cpp
ccfff10f66d568b91ed155a798c5eaac2551f160 01-May-2017 Janis Danisevskis <jdanis@google.com> Remove use of UniquePtr from keystore

Remove UniquePtr from keystore in favour of std::unique_ptr

Change-Id: I8e02adab4326028e26dbf59ac836679abe2a40de
/system/security/keystore/keystore.cpp
07aebe73053df12c21c7481a93146bd76add7fbd 28-Feb-2017 Shawn Willden <swillden@google.com> Superencrypt authentication-bound keys.

This CL causes keystore to automatically encrypt all newly-created
keymaster key blobs which are authentication-bound. This appears on its
face to be pointless, since the sensitive key material in the key blobs
is already encrypted by the Trusted Execution Environment. It's not
pointless because this adds a cryptographic dependency on the user's
password, including any strengthening performed by
LockSettingService... which may include the use of a separate hardware
trusted module, separate from (and presumably more secure than) the TEE.

A better solution is planned for the next release, but that requires
changes to Gatekeeper and Keymaster. This superencryption will be
removed when that work is done.

Note that the encryption method used by keystore is weak. A separate CL will
replace the weak method with a proper authenticated encryption.

Test: Manual testing.
Bug: 35849499
Change-Id: I0162d352837a1e936e7f08cab2afc5c0f8e0f129
/system/security/keystore/keystore.cpp
b8550a0929286bd8b91135c2beea1f61c01a441f 23-Feb-2017 Shawn Willden <swillden@google.com> Add digest support and implementation name to getHardwareFeatures

Test: Manual
Change-Id: Iee20528e8d4f3931164aa988e11bfe71be4f56dc
/system/security/keystore/keystore.cpp
e2b6caff1a8265d7c84e4532330c4968d49d9296 03-Mar-2017 Janis Danisevskis <jdanis@google.com> Fixes KeyStore::isHardwareBacked

KeyStore::isHardwareBacked was broken by the hidlization of the
Keymaster HAL. This patch implements the functionality by quarrying
the Keymaster HAL for hardware features.

Bug: 35866007
Change-Id: I237e29a8b1c1b93a88b9fa8a969c3c832af384ff
/system/security/keystore/keystore.cpp
e8ba1802a649ada4cea78af133ab4fb549eb57f5 30-Jan-2017 Janis Danisevskis <jdanis@google.com> Phase out keymaster fallback support

Keystore uses two different keymaster devices.
One device is provided by the OEM providing
hardware/trust zone backed functionality. The other
is a pure software implementation of keymaster.
The latter was used when a "hardware" implementation
failed generating or importing keys with certain
parameters.

This tolerance of misbehaving "hardware" implementations
had the effect that this behavior has done unnoticed for
too long. Therefore, we are phasing out the fallback
device.

This patch ensures that on devices with hardware
implementations supporting keymaster 2.0 and higher
there will be no fallback device papering over failures
in the underlying keymaster implementation.

Test: given a faulty KM2.0 implementation, import and generation
of keys with otherwise supported parameters returns an error

Change-Id: I8c2118e72558c326031368df13e836c3ef6b1da1
/system/security/keystore/keystore.cpp
69c434aee7a02f66e9a7bcf8ce014f8c48066eb6 30-Jan-2017 Janis Danisevskis <jdanis@google.com> Fix keystore::del to use correct keymaster device.

Keystore uses two different keymaster devices.
One device is provided by the OEM providing
hardware/trust zone backed functionality. The other
is a pure software implementation of keymaster.
The latter was used when a "hardware" implementation
failed generating or importing keys with certain
parameters.

During the port to HIDL based HALs this fallback software
device was removed and later reinstated. The delete
function of keystore, however was left unaware of the
existence of the fallback device and passed do-be-deleted
"fallback"-keys to the hardware device which is unaware
of the format and fails.

This patch makes Keystore::del aware of the fallback
device.

Test: import and delete a key that is unsupported by the
underlying "hardware" implementation of keymaster

Change-Id: I011c19c515b4b41fedec0c21f89efb58279f297c
/system/security/keystore/keystore.cpp
c7a9fa29c185a8c1889486d4acf00fd59c513870 13-Oct-2016 Janis Danisevskis <jdanis@google.com> Port to binderized keymaster HAL

This patch ports keystore to the HIDL based binderized keymaster HAL.
Keystore has no more dependencies on legacy keymaster headers, and
therefore data structures, constant declarations, or enums. All
keymaster related data structures and enums used by keystore are the
once defined by the HIDL based keymaster HAL definition. In the process
of porting, keystore underwent some changes:

* Keystore got a new implementation of AuthorizationSet that is fully
based on the new HIDL data structures. Key parameters are now either
organised as AuthorizationSets or hidl_vec<KeyParameter>. (Formerly,
this was a mixture of keymaster's AuthorizationSet,
std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.) The
former is used for memory management and provides algorithms for
assembling, joining, and subtracting sets of parameters. The latter
is used as wire format for the HAL IPC; it can wrap the memory owned
by an AuthorizationSet for this purpose. The AuthorizationSet is
accompanied by a new implementation of type safe functions for
creating and accessing tagged key parameters,
Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service
response codes. Keystore has two sets of error codes. ErrorCode
errors are less than 0 and use 0 as success value. ResponseCode
errors are greater than zero and use 1 as success value. This patch
changes ResponseCode to be an enum class so that is no longer
assignable to int without a cast. The new return type can only be
initialized by ResponseCode or ErrorCode and when accessed as int32_t,
which happens on serialization when the response is send to a client,
the success values are coalesced onto 1 as expected by the
clients. KSSreturnCode is also comparable to ResponseCode and
ErrorCode, and the predicate isOk() returns true if it was initialized
with either ErrorCode::OK (0) or ReponseCode::NO_ERROR (1).
* A bug was fixed, that caused the keystore verify function to return
success, regardless of the input, internal errors, or lack of
permissions.
* The marshalling code in IKeystoreService.cpp was rewritten. For data
structures that are known to keymaster, the client facing side of
keystore uses HIDL based data structures as (target) source
for (un)marshaling to avoid further conversion. hidl_vecs are used to
wrap parcel memory without copying and taking ownership where
possible.
* Explicit use of malloc is reduced (malloc was required by the C nature
of the old HAL). The new implementations avoid explicit use of
malloc/new and waive the use of pointers for return values. Instead,
functions return by value objects that take ownership of secondary
memory allocations where required.

Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts

Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286
/system/security/keystore/keystore.cpp
9c28dd5f2797510c3da719144247e867c58c6e18 06-Oct-2016 Tucker Sylvestro <tuckeris@google.com> resolve merge conflicts of 0ab28b7 to nyc-mr1-dev-plus-aosp

Test: Built with ". build/envsetup.sh && lunch shamu-eng && make -j32"

Change-Id: I4b3081c2b9091fa2d66c717f5d57dc6e567c50e2
0ab28b78bd06a06a0ffa150cef5876d56212902a 06-Aug-2016 Tucker Sylvestro <tuckeris@google.com> Support and use TAG_ALLOW_WHILE_ON_BODY

There are three changes in this CL:
1. Persist all characteristics provided at the time of key creation.
We do this to avoid device-specific keymaster implementations
stripping keys they are not aware of.
2. Add an onDeviceOffBody API method that will be called whenever a
wearable device is detected to have been removed.
3. Check whether a key was created with TAG_ALLOW_WHILE_ON_BODY and
the device has gone off-body since the last auth event when
deciding whether it can be used.

BUG: 30701680
BUG: 28911985
Change-Id: I6be3af3dee8e576fe713dfdd726502d8b333f224
/system/security/keystore/keystore.cpp
451f205ba2744effd53fd3555cdc4080c14d7d9b 23-Aug-2016 Bin Chen <pierr.chen@gmail.com> Merge "keystore: replace VLA with vector"
am: 9c6612e264

Change-Id: Ic137fde859285c3a693b3e4b7642900d2ff34ada
cfd95aeb641d9adbfc8e8466dda952a5f7a3fe3f 21-Aug-2016 Bin Chen <pierr.chen@gmail.com> keystore: replace VLA with vector

According to Google coding style, no VLA since
it is not part of c++ standard and could blow up
the stack.

Change-Id: Ie79b56cd9a02ecebba76d88af727c6accbcfd45c
Signed-off-by: Bin Chen <pierr.chen@gmail.com>
/system/security/keystore/keystore.cpp
89c52f16ecea4ebf08d6b3c863e0848438bac23d 28-Jan-2016 Shawn Willden <swillden@google.com> Merge "Update Keystore to use keymaster2 HAL." am: fd50293cd5
am: f647e0a994

* commit 'f647e0a99492d21825e891c53b9a05fed04dbb9c':
Update Keystore to use keymaster2 HAL.
c1d1feee514e6138e1ed8ff924f5453ba8e1408a 27-Jan-2016 Shawn Willden <swillden@google.com> Refactor keystore.

This CL isn't nearly as big as it looks. It doesn't change keystore
functionality, it just moves all of the classes out of the former
keystore.cpp into their own .h and .cpp files.

Note that this is a cherry-pick from:

https://android-review.googlesource.com/#/c/194971

Change-Id: Ide326c4f1d03984994d1bd9a76fa68d37da230dc
/system/security/keystore/keystore.cpp
715d023c9294cf4860f73c8d83e82c5aa699add6 21-Jan-2016 Shawn Willden <swillden@google.com> Update Keystore to use keymaster2 HAL.

This CL doesn't wire in any of the new keymaster2 features, it just uses
the keymaster2 HAL rather than the keymaster1 HAL. This means that if
keymaster1 hardware is found, it is unconditionally wrapped in
SoftKeymasterDevice, so keymaster2 functionality can (eventually) be
provided.

Change-Id: Ica2cb0751e4e0a82c56c36b03f94da54ef62d9a3
/system/security/keystore/keystore.cpp
6507c27ab7ea34dd150d7ef9fda41878ed32547c 06-Jan-2016 Shawn Willden <swillden@google.com> Refactor keystore.

This CL isn't nearly as big as it looks. It doesn't change keystore
functionality, it just moves all of the classes out of the former
keystore.cpp into their own .h and .cpp files.

Change-Id: I29a1ce21bff574be56128b32fc417e5a3d3c55fb
/system/security/keystore/keystore.cpp
80b09638de3571d2c12aa3d6e3d22682fc431b72 23-Nov-2015 Shawn Willden <swillden@google.com> Merge "Limit maximum number of concurrent keystore operations."
am: 108a5d34b5

* commit '108a5d34b5ce181dff52906a66862ec084841ec4':
Limit maximum number of concurrent keystore operations.
447095f2a797e7ffeeda13477498d4dda0a7353a 30-Oct-2015 Shawn Willden <swillden@google.com> Limit maximum number of concurrent keystore operations.

Bug: 25312003
Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
/system/security/keystore/keystore.cpp
85978d0c5991cebaec1211d4111fbbcb01f27514 03-Nov-2015 Shawn Willden <swillden@google.com> Limit maximum number of concurrent keystore operations. am: ddab0bb513 am: 7335397765
am: d7870f1fea

* commit 'd7870f1fea0f7d27dd46153558766088414ec640':
Limit maximum number of concurrent keystore operations.
d7870f1fea0f7d27dd46153558766088414ec640 02-Nov-2015 Shawn Willden <swillden@google.com> Limit maximum number of concurrent keystore operations. am: ddab0bb513
am: 7335397765

* commit '733539776541fa51bddf2d38fb57e556d563d9af':
Limit maximum number of concurrent keystore operations.
ddab0bb51320af9f277d98a4e36e77ea527503e5 30-Oct-2015 Shawn Willden <swillden@google.com> Limit maximum number of concurrent keystore operations.

If keystore is allowed to consume all 16 of the keymaster operation
table slots, cryptfs may not be able to use keymaster to protect the
disk encryption key during a password change. This CL prevents keystore
from allowing more than 15 concurrent keystore operations, leaving one
available for cyptfs.

Bug: 25312003
Change-Id: I3bcae59c6a79d5f7d2e2f432251bb7b818f57581
/system/security/keystore/keystore.cpp
f240a412a5ecb9dd104bf8a274d16f1683c2bcd1 12-Oct-2015 Chad Brubaker <cbrubaker@google.com> am bc22f8d6: am 410ba59a: Fix failure to save master key on new profile

* commit 'bc22f8d63e2ca24ee4ee9d61258d6704bc78724b':
Fix failure to save master key on new profile
4ada9a3f62bab66a2e7cd4fc05fb208033412980 10-Oct-2015 Nick Kralevich <nnk@google.com> am 549adfa1: am 75ddca24: Merge "keystore: log pid and uid when auditing SE Linux denial"

* commit '549adfa1d1be5e0fe7753aa8a7fa8c57ecf1bac2':
keystore: log pid and uid when auditing SE Linux denial
549adfa1d1be5e0fe7753aa8a7fa8c57ecf1bac2 10-Oct-2015 Nick Kralevich <nnk@google.com> am 75ddca24: Merge "keystore: log pid and uid when auditing SE Linux denial"

* commit '75ddca240244626f8af999fa7fb64d500efa4938':
keystore: log pid and uid when auditing SE Linux denial
75ddca240244626f8af999fa7fb64d500efa4938 10-Oct-2015 Nick Kralevich <nnk@google.com> Merge "keystore: log pid and uid when auditing SE Linux denial"
410ba59a76a8feb48ffb5bde3045ac6f76db0c36 10-Sep-2015 Chad Brubaker <cbrubaker@google.com> Fix failure to save master key on new profile

New profiles use the master key of the parent user for keystore.
Unfortunately copyMasterKey only copies the key from the parent to the
user in memory but doesn't save it to disk, causing the child user to be
uninitialized after a reboot.

Bug: 23889443

(cherry picked from commit 79e0f6440aee69659bc01a0669a329dbaeaf471c)

Change-Id: I1f148fde3862d22292dfce217aacdc3f70f9c2ef
/system/security/keystore/keystore.cpp
e46b855e51233a33880e35eff9553550dc797754 02-Oct-2015 William Roberts <william.c.roberts@intel.com> keystore: log pid and uid when auditing SE Linux denial

When debugging SE Linux rules, the pid and uid of the source context are
helpful in determining what was involved in generating the policy violation.
This information was absent from the keystore logs.

To remedy this, we add pid and uid to the logs:

avc: denied { exist } for pid=571 uid=1000 ...

Change-Id: Ic22128720aa8ac225f26896f9e710783c8ab4f70
Signed-off-by: William Roberts <william.c.roberts@intel.com>
/system/security/keystore/keystore.cpp
7a8a436c1dd8a07e1cf718d6a3f59537a7ee6677 11-Sep-2015 Chad Brubaker <cbrubaker@google.com> Merge "Fix failure to save master key on new profile"
79e0f6440aee69659bc01a0669a329dbaeaf471c 10-Sep-2015 Chad Brubaker <cbrubaker@google.com> Fix failure to save master key on new profile

New profiles use the master key of the parent user for keystore.
Unfortunately copyMasterKey only copies the key from the parent to the
user in memory but doesn't save it to disk, causing the child user to be
uninitialized after a reboot.

Bug: 23889443
Change-Id: I73dfa5d8a2ed064762440dca0ee1a0115b291a97
/system/security/keystore/keystore.cpp
ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e 09-Sep-2015 Chad Brubaker <cbrubaker@google.com> Allow uid to be passed for more operations

This expands get, getmtime, exportKey, getKeyCharacteristcs and begin to
accept a uid to run as. This is only for system to use keys owned by
Wifi and VPN, and not something that can be used to do operations as
another arbitrary application.

Bug: 23978113
Change-Id: If076d61b0cc9d55e96272e49a58938c3961e2dda
/system/security/keystore/keystore.cpp
dbb856e278adb2a1dc05e585a54d80b068247c3c 27-Aug-2015 Chad Brubaker <cbrubaker@google.com> Remove legacy KM_TAG_CREATION_DATETIME

KM_TAG_CREATION_DATETIME is never set anywhere else and the computation
leads to an unsigned overflow false positive.

Change-Id: I7eca6a975ca2f8b199dfcb4871a1e1d6750afc78
/system/security/keystore/keystore.cpp
c2120744da8d0612ad54484b314f94e1e6e3a167 13-Aug-2015 Shawn Willden <swillden@google.com> Merge "Wrap incomplete keymaster1 implementations with sw keymaster." into mnc-dr-dev
54b1e9ad01c8042a449a9237833a335d6be04e83 12-Aug-2015 Chad Brubaker <cbrubaker@google.com> Properly check for Blob max length

sizeof(mBlob.value) is incorrect because writeBlob pads up to the next
AES_BLOCK_SIZE

Bug:22802399
Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
/system/security/keystore/keystore.cpp
55268b5b037a8c3537602b1073ad624455d3672d 28-Jul-2015 Shawn Willden <swillden@google.com> Wrap incomplete keymaster1 implementations with sw keymaster.

SoftKeymasteDevice can provide software digesting and padding for
keymaster1 implementations that don't provide all of the required
digests. This CL modifies keymaster to check for such keymaster1
implementations and add a SoftKeymasterDevice wrapper.

The SoftKeymasterDevice work necessary to make this function would have
required adding an implementation of the keymaster0 API import_keypair
in terms of keymaster1 API calls (import_key). Rather than do that, I
instead implemented the relevant keystore function directly on the
keymaster1 API. This approach is cleaner than adding the same code into
the translation layer, and allows removal of the last vestiges of
keymaster0 API usage from keystore.

Bug: 22529223
Change-Id: Ie4c7bba7943a549f35df3086dccea001edb5bb2b
/system/security/keystore/keystore.cpp
803f37f5d1bf75cb6e0d007f7d473645efd19a1d 29-Jul-2015 Chad Brubaker <cbrubaker@google.com> Fix unchecked length in Blob creation

Applications can specify arbitrary blobs using insert(), check their
length to prevent overflow issues.

Bug:22802399
Change-Id: I4097bd891c733914df70da5e2c58783081d913bf
/system/security/keystore/keystore.cpp
2de8b75821bd62c90dde78e2ca78bbddfaf7ab19 23-Jul-2015 Shawn Willden <swillden@google.com> Add all digests and padding modes to legacy keys

Bug: 22556114
Change-Id: I44fda03305ddd50cb4ba3c6f6b24cfd9c2af9659
/system/security/keystore/keystore.cpp
a9a17eeca2f5d9d3101a7e0bb136360697b6e2f0 17-Jul-2015 Chad Brubaker <cbrubaker@google.com> Mark 0 length files as corrupt

Files created by keystore should never be 0 length however a vendor ran
into such a case when testing their keymaster and a side effect of how
keystore parses files leads to these keys being considered encrypted and
ulitmately undeletable.

Now mark 0 length files as corrupt in readKey and when deleting a key if
the key fails to read in because it was corrupt simply rm the file since
it is not possible to feed the key blob to keymaster's delete method.

Bug: 22561219
Change-Id: Ie8c1ffe97d1d89c202cdab7a6b4b5efc914cbbff
/system/security/keystore/keystore.cpp
b913aa5774c96fae83afe3dd1935394f0edcaaa9 24-Jun-2015 Alex Klyubin <klyubin@google.com> Merge "Abort operation pruning only if it fails to make space." into mnc-dev
700c1a35c52798831b8a8d76a042c4650c6d793f 24-Jun-2015 Alex Klyubin <klyubin@google.com> Abort operation pruning only if it fails to make space.

keystore service's begin operation may sometimes encounter a situation
where the underlying device's begin operation fails because of too
many operations in progress. In that case, keystore attempts to prune
the oldest pruneable operation by invoking the underlying device's
abort operation. Regardless of whether the abort operation fails,
keystore then removes the operation from the list of in-progress
prunable operations.

The issue is that when the underlying device's abort operation fails,
keystore fails the begin operation that caused all this prunining.
This is despite the fact that keystore has managed to make space for
one more operation.

The fix is to fail the begin operation only if the pruning attempt
did not make space for a a new operation.

Bug: 22040842
Change-Id: Id98b2c6690de3cfb2a7b1d3bdd10742cc59ecbfa
/system/security/keystore/keystore.cpp
4e88f9be2b3bb3dcea43f338532882681ee77352 24-Jun-2015 Alex Klyubin <klyubin@google.com> Don't ignore errors from begin operation.

This fixes a bug introduced by
9221bff2f13451ef330135bb32ea96de2a8b09cc which invoked authorization
checks after begin operation, while ignoring any errors returned by
that operation. This CL restrores the correct order: authorization
checks are followed by begin operation.

Bug: 22039986
Change-Id: I3516cb120c21b9659289faa5d1ca0225df35a06d
/system/security/keystore/keystore.cpp
9221bff2f13451ef330135bb32ea96de2a8b09cc 19-Jun-2015 Shawn Willden <swillden@google.com> Add keymaster authorization policy enforcement to keystore.

Bug: 19511945
Change-Id: I76c04e8d3253ba490cedac53bbc75943ec68df1d
/system/security/keystore/keystore.cpp
84c14f0957b365fd33534b88b7eec97b287b67b9 18-Jun-2015 Chad Brubaker <cbrubaker@google.com> Merge "Remove exist check from doLegacySignVerify" into mnc-dev
df70517b8d85b30e6ac7001ec68348f07d5129cb 18-Jun-2015 Chad Brubaker <cbrubaker@google.com> Remove exist check from doLegacySignVerify

exist requires the keystore exist permission which callers of
sign/verify may not have. Instead log key not found if begin returns
::KEY_NOT_FOUND.

Bug: 21658885
Change-Id: I8c42f3a636a248e3fb1f0344bf32667fce57f667
/system/security/keystore/keystore.cpp
b2ffa420da26414379b31807eec76ec8c9f3b0a9 17-Jun-2015 Shawn Willden <swillden@google.com> Don't check authorizations for pubkey operations.

Bug: 21877150
Change-Id: I43dafb66fc3246f4d8e3bf4743fbdcbe072468d1
/system/security/keystore/keystore.cpp
773a2ba83309dc531c5a4b61ec0658bd6ee67dab 01-Jun-2015 Chad Brubaker <cbrubaker@google.com> Track keymaster method changes

Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/keystore.cpp
3a7d9e626fa6c0e116c07be912c319aad6e08614 05-Jun-2015 Chad Brubaker <cbrubaker@google.com> Rewrite legacy methods in terms of new methods

Rewrite generate, import, get_pubkey, sign and verify using the new
keymaster 1.0 methods (generateKey, exportKey, and begin/update/finish).

This also removed DSA support from generate and import.

Change-Id: I6c6baec4aa86325a2b9c171b9883ba5a0b47236e
/system/security/keystore/keystore.cpp
3cc40125e8b495e7f0784dad53bb9acdb5b9a8eb 04-Jun-2015 Chad Brubaker <cbrubaker@google.com> Allow keymaster 0.3 keys to interopt with keymaster 1.0 methods

Keymaster 0.3 keys are all valid keymaster 1.0 keys, so allow get to
return a keymaster 0.3 when looking for a 1.0 key to allow new methods
to work on old keys.

Change-Id: I20a32e39769a548224bcca7a42ef967285431c5d
/system/security/keystore/keystore.cpp
f82cd5c843faddb89156d331c8d96522878a0524 04-Jun-2015 Chad Brubaker <cbrubaker@google.com> Merge "Add optional additional entropy to finish" into mnc-dev
0d33e0babec356b1e69f1f15e8d9fe2ad878762c 29-May-2015 Chad Brubaker <cbrubaker@google.com> Add optional additional entropy to finish

If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.

(cherry-picked from commit 8cfb8ac6e9bd291e9d861a32de2719e3bc797191)

Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/keystore.cpp
8c683b98e0b7ed1aa319f727f1d87ba5c410b30b 03-Jun-2015 Chad Brubaker <cbrubaker@google.com> Merge "Use keymaster adapter to support older devices" into mnc-dev
57e106dc183744cdc05c62bea11bc285b3346846 01-Jun-2015 Chad Brubaker <cbrubaker@google.com> Track keymaster method changes

Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
/system/security/keystore/keystore.cpp
bd07a239085228c25898bc6cdece8b1b8758df83 01-Jun-2015 Chad Brubaker <cbrubaker@google.com> Use keymaster adapter to support older devices

The keymaster adapter wraps the hardware module to allow keystore to
call the new keymaster methods on it and continue using old keys created
by that device with the new methods.

Change-Id: Ica08d81c3707023d378ad5fe6562dc642f58ca90
/system/security/keystore/keystore.cpp
8cfb8ac6e9bd291e9d861a32de2719e3bc797191 29-May-2015 Chad Brubaker <cbrubaker@google.com> Add optional additional entropy to finish

If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.

Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
/system/security/keystore/keystore.cpp
e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8 13-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup keystore API

Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate with per user state.

(cherry-picked from commit 9443616391a705856b2cad026afb69dc23a346e9)

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/keystore.cpp
9bee6bd6335d6e82f8227ba2c268d31361b048fc 15-May-2015 Chad Brubaker <cbrubaker@google.com> Merge "Cleanup keystore API"
c0f031a867a6c3fa05732fcd72bd284d56073cf8 12-May-2015 Chad Brubaker <cbrubaker@google.com> Add onUserAdded/Removed methods

These will handle the logic of Android users being added/removed from
the device instead of the system calling the various reset/sync methods.

(cherry-picked from commit fd777e7111ce01c672706867302db08371e5afce)

Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/keystore.cpp
72593ee807e89239d98ae08d32c733ecc08203ba 12-May-2015 Chad Brubaker <cbrubaker@google.com> Refactor uids to user ids where appropriate

UserState related methods previously took uid's while the state was
based on userId, with the new keystore methods taking userIds start
moving everything in that direction.

(cherry-picked from commit 4efce0dc62b5b6bf60c192a8c3e14ae341bf1f8b)

Change-Id: I075e973e2403575ba67e8e7a8c331a6c6f7e88e4
/system/security/keystore/keystore.cpp
8df5438982209eecb04921b0202dc9ad11e9c31d 13-May-2015 Chad Brubaker <cbrubaker@google.com> Fix missing ALOG argument

Change-Id: If0dca499c884100f296d38bcde7183b186bca44c
/system/security/keystore/keystore.cpp
9443616391a705856b2cad026afb69dc23a346e9 13-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup keystore API

Remove old methods that were replaced by onUser* methods, rename methods
with unclear names, and add userId parameters to all operations that
operate with per user state.

Change-Id: I846fbb0a5ad17b4ee4c0c759fd1fd23f58b88d78
/system/security/keystore/keystore.cpp
fd777e7111ce01c672706867302db08371e5afce 12-May-2015 Chad Brubaker <cbrubaker@google.com> Add onUserAdded/Removed methods

These will handle the logic of Android users being added/removed from
the device instead of the system calling the various reset/sync methods.

Change-Id: Ic6be0de63cc1b0579a46e7101dcfeb1a9ffa4738
/system/security/keystore/keystore.cpp
4efce0dc62b5b6bf60c192a8c3e14ae341bf1f8b 12-May-2015 Chad Brubaker <cbrubaker@google.com> Refactor uids to user ids where appropriate

UserState related methods previously took uid's while the state was
based on userId, with the new keystore methods taking userIds start
moving everything in that direction.

Change-Id: I075e973e2403575ba67e8e7a8c331a6c6f7e88e4
/system/security/keystore/keystore.cpp
eecdd12d83b3a602ecbfaee71dd85aa678eb8c99 07-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup password change and removal logic.

Replace password with notifyUserPasswordChanged for password changes,
unlock should now be used to unlock keystore instead of calling password
with the current password.

When the user removes their password now only keystore entries that were
created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.

(cherry-picked from commit 96d6d7868303ad87f1f408c40d3c44bcb39f561e)

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/keystore.cpp
96d6d7868303ad87f1f408c40d3c44bcb39f561e 07-May-2015 Chad Brubaker <cbrubaker@google.com> Cleanup password change and removal logic.

Replace password with notifyUserPasswordChanged for password changes,
unlock should now be used to unlock keystore instead of calling password
with the current password.

When the user removes their password now only keystore entries that were
created with FLAG_ENCRYPTED will be deleted. Unencrypted entries will
remain. This makes it more concrete that the keystore could be non-empty
while in STATE_UNINITIALIZED, though this was previously possible due to
the state only being checked if FLAG_ENCRYPTED was set.

Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
/system/security/keystore/keystore.cpp
b37a52337f001f8a43f7cbb64203dba78560ee6b 01-May-2015 Chad Brubaker <cbrubaker@google.com> Fix permission check in reset_uid and clear_uid

System should be able to call these methods with any targetUid.

(cherry picked from commit 01771ae9db7338377317d82e9c7d8dfa2d4299a8)

Bug: 20752184
Change-Id: Ieaeb2fa44b979970640abbd91c1d8a84f7c62b1f
/system/security/keystore/keystore.cpp
01771ae9db7338377317d82e9c7d8dfa2d4299a8 01-May-2015 Chad Brubaker <cbrubaker@google.com> Fix permission check in reset_uid and clear_uid

System should be able to call these methods with any targetUid.

Bug: 20752184
Change-Id: Ieaeb2fa44b979970640abbd91c1d8a84f7c62b1f
/system/security/keystore/keystore.cpp
0400675b20e36b976ec13b63e290e6d5d19bf654 30-Apr-2015 Shawn Willden <swillden@google.com> Enable SoftKeymasterDevice logging.

Bug: 20717652
Change-Id: I2397e5cd906d45515a0b2a5591705f458c1aceb0
(cherry picked from commit 2764f8672d22ccfb4ed588ce567ef093c7d3e013)
/system/security/keystore/keystore.cpp
9e5016af70cf40f3f443196133d711e28297cdde 30-Apr-2015 Shawn Willden <swillden@google.com> Enable SoftKeymasterDevice logging.

Bug: 20717652
Change-Id: I2397e5cd906d45515a0b2a5591705f458c1aceb0
/system/security/keystore/keystore.cpp
9fd05a9a6299e9688c8fcf755516ea254868d187 30-Apr-2015 Shawn Willden <swillden@google.com> Use SoftKeymasterDevice::keymaster_device rather than casting.

Also document that SoftKeymasterDevice should not be freed.

Change-Id: I027f137b0ffd474bb4b429691fe87eef6338b723
(cherry picked from commit 47a79ffad8333120870cb613fa4e75990b073026)
/system/security/keystore/keystore.cpp
ef572b648ef26b3348fcbd7c75a8d13292bd094b 30-Apr-2015 Shawn Willden <swillden@google.com> Use SoftKeymasterDevice::keymaster_device rather than casting.

Also document that SoftKeymasterDevice should not be freed.

Change-Id: I027f137b0ffd474bb4b429691fe87eef6338b723
/system/security/keystore/keystore.cpp
7169a8470f6539036addf3c960b075af224e83e2 30-Apr-2015 Chad Brubaker <cbrubaker@google.com> Fix addOperationAuthTokenIfNeeded lookup

(cherry picked from commit 6b541163b3f3271f48e6ff74d1f1da64c6bb8802)

Bug: 20702036
Change-Id: I4caa9f7a6e6e2b05f63b12180a5af65d3a5c0bac
/system/security/keystore/keystore.cpp
6b541163b3f3271f48e6ff74d1f1da64c6bb8802 30-Apr-2015 Chad Brubaker <cbrubaker@google.com> Fix addOperationAuthTokenIfNeeded lookup

Bug: 20702036
Change-Id: I08038ba0ee9e3a35f6c37ce572df284be728b4a7
/system/security/keystore/keystore.cpp
0cf34a249c008743cf2e2371743a89f86aa4b03c 23-Apr-2015 Chad Brubaker <cbrubaker@google.com> Move auth token checking to begin

Auth tokens will now be checked on begin and then used for all
subsequent calls for that operation, this means that things like
auth timeouts will only be checked on begin, and operation that starts
at timeout - .00001 will now be able to be used to completion.

One exception to this is keys that use per operation authorization.
Begin for these operations must succeed so that the application gets a
handle to authorize. For those keys if the application calls update
before authorizing the operation the call will fail. For these keys
begin will return OP_AUTH_NEEDED so let the caller know more work is
needed before using the operation.

(cherry picked from commit aebbfc2ba548064e4f537154bab6ec60dfe4115e)

Change-Id: I3da4f93a076c0ed2d8630ca8cd1608e9bad2c2ff
/system/security/keystore/keystore.cpp
aebbfc2ba548064e4f537154bab6ec60dfe4115e 23-Apr-2015 Chad Brubaker <cbrubaker@google.com> Move auth token checking to begin

Auth tokens will now be checked on begin and then used for all
subsequent calls for that operation, this means that things like
auth timeouts will only be checked on begin, and operation that starts
at timeout - .00001 will now be able to be used to completion.

One exception to this is keys that use per operation authorization.
Begin for these operations must succeed so that the application gets a
handle to authorize. For those keys if the application calls update
before authorizing the operation the call will fail. For these keys
begin will return OP_AUTH_NEEDED so let the caller know more work is
needed before using the operation.

Change-Id: I5dda40803e7b2aecac27defc64d6d3f630d3f0d0
/system/security/keystore/keystore.cpp
57430977cf7b758a4fe955933e32c5d2d44574b2 17-Apr-2015 Chad Brubaker <cbrubaker@google.com> am c598fab3: am d914f657: am 7a4dd551: Merge "Flush the auth token table on resetUid"

* commit 'c598fab3ae8e363f84e2d6f41dd6511e27df240f':
Flush the auth token table on resetUid
bbc7648d285f67b898d24d307b011fb676ba6643 17-Apr-2015 Chad Brubaker <cbrubaker@google.com> Flush the auth token table on resetUid

This prevents old stale auth tokens from sticking around after clearing.

Change-Id: I92e48b6d8cdba92cbc70f718cb45a4d96bd12900
/system/security/keystore/keystore.cpp
7e6916b6c6019f0f61a4ef757863ca16693128f5 15-Apr-2015 Chad Brubaker <cbrubaker@google.com> am a1581c4e: am 83ee2e7a: am f1b8f6bf: Merge "Refactor permission and state checking"

* commit 'a1581c4e1778b31d4fd8cfe9a1219b93d5276df2':
Refactor permission and state checking
9489b7905acfb27a99dd505364a715f4cf2ab5e6 14-Apr-2015 Chad Brubaker <cbrubaker@google.com> Refactor permission and state checking

Move the permission checking code to checkBinderPermission and
checkBinderPermissionOrSelf target to simplify permission checking code
and clean up keystore methods. Also adds
checkBinderPermissionAndKeystoreState as a helper method to check the
permission and the unlock state of the keystore.

Change-Id: I77c94af1593d2a7fd100c79a6364583067ffa559
/system/security/keystore/keystore.cpp
87f0b385a188db1df285c0ce820b7e2ab43e1e1c 10-Apr-2015 Chad Brubaker <cbrubaker@google.com> am 8c6319b6: am cf0de02b: am 368a1f93: Merge "Store the key characteristics for operations"

* commit '8c6319b69c51102a0fae3baba0585130e278edab':
Store the key characteristics for operations
ad6514ab7a57504aa3b04bcc383f60940b923710 09-Apr-2015 Chad Brubaker <cbrubaker@google.com> Store the key characteristics for operations

Instead of storing the key blob and parsing the characteristics out,
which some implementations might not support, instead call get
characteristics on begin and store that result for subsequent auth
calls.

Change-Id: I75e39ee28cc440e4ed411b2daaa2744085e1aa12
/system/security/keystore/keystore.cpp
eeb99fe1b42c7b4f8298c464cc532994b8531031 01-Apr-2015 Chad Brubaker <cbrubaker@google.com> am dbc0be0a: am a6aa6000: am c1e78258: Merge "Add auth token fetching"

* commit 'dbc0be0a3efb02221913d03ac7dcf9f3832ac06b':
Add auth token fetching
a197d3377a1672439023b9509e402a5abeea8e21 01-Apr-2015 Chad Brubaker <cbrubaker@google.com> am 7fffb19f: am 12ef4ba4: am 8c195ad7: Merge "Implement addAuthToken"

* commit '7fffb19f1a0f6da7c051299b6a69504f7078ab20':
Implement addAuthToken
06801e0a7ccabbe8f22cff29b7edb7c7d02d7692 01-Apr-2015 Chad Brubaker <cbrubaker@google.com> Add auth token fetching

Auth tokens are now fetched from the table in begin update and finish if
needed. Begin will not fail on a missing/expired auth token since some
authorization requires a valid operation handle.

This doesn't yet do any enforcement of the token beyond what the auth
token table does, that should happen in the keymaster auth code when it
is done.

This also includes the key in the operation map since authorization
works based off that and not the handle.

Change-Id: I62a395b74a925b819f4cde75ae3bfab8b8928cd1
/system/security/keystore/keystore.cpp
d80c7b487b2f7f0bf955d0efeaa3db6dcd160639 31-Mar-2015 Chad Brubaker <cbrubaker@google.com> Implement addAuthToken

Change-Id: I7f7647d9a36ea453ec6d62fc84087ca8f76e53dd
/system/security/keystore/keystore.cpp
46552e74f266f3998e42d45d2d13eb1b44a7a01c 31-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 026efd18: am eeb4e1e1: am 96cf1b1e: Merge "Include operation handle in OperationResult"

* commit '026efd182ec465169dde8879d2717be580e15846':
Include operation handle in OperationResult
96cf1b1ee907696cc4342c1b4992c657d0b6aa33 31-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Include operation handle in OperationResult"
36d1b897161385479d511b3c416dc81058e34221 30-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 534b1800: am ec129679: am 41efb6a5: Merge "Add authorization binder methods"

* commit '534b1800f39b5b72de641cf7f3271bf9cd77ef4d':
Add authorization binder methods
41efb6a58c7efd63d3493f9095284c74ed363d46 30-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Add authorization binder methods"
2a36a4f1d738185619b9aa48260fb34a39d04c37 28-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 3b8021da: am 56cba306: am 1cee95d5: Merge "Allow entropy to be provided to some operations"

* commit '3b8021da70494509b46be903a8624a911e63ae08':
Allow entropy to be provided to some operations
154d7699cc30ef5156d6497258c4dd350fcb1286 27-Mar-2015 Chad Brubaker <cbrubaker@google.com> Allow entropy to be provided to some operations

generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.

Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
/system/security/keystore/keystore.cpp
bb219bcfcc868cd2a52483e32a5c33412ede83d3 25-Mar-2015 Chad Brubaker <cbrubaker@google.com> am f44043da: am d020cf7f: am e3ec7541: Merge "Make client/app ids objects in the binder API"

* commit 'f44043daf3ea073823b10f535b237b3ab624a291':
Make client/app ids objects in the binder API
d663442b590b59250062335cc057478001b8e439 22-Mar-2015 Chad Brubaker <cbrubaker@google.com> Make client/app ids objects in the binder API

Previously a null client/app id was translated into a blob with
length=0, data=NULL, but this was a bit janky and required null ids to
be set on key creation/import.

Change-Id: I27607a50f4dc5a898625b569f5293369f0039eba
/system/security/keystore/keystore.cpp
2ed2baa7de690b09430b40625e6b18d10757a2fd 22-Mar-2015 Chad Brubaker <cbrubaker@google.com> Add authorization binder methods

Add methods for sending an auth token to keystore and to query the
authorization state of a given operation. These methods are currently
stubs until authorization is implemented.

Change-Id: I0f97ffb3afe19c1f1d8a00bfc95e27616e7cb06c
/system/security/keystore/keystore.cpp
c3a1856bbe2e39d5b3430f5f088b12fd710a159f 18-Mar-2015 Chad Brubaker <cbrubaker@google.com> Include operation handle in OperationResult

Some authorization code needs to know the actual underlying operation
handle, not simply a reference to it, so return it in case it is needed.
Note that the handle cannot be used by the application to reference an
operation.

Change-Id: I4c883dde17168b7f6c1643d81741a4c2686d3159
/system/security/keystore/keystore.cpp
47f8edd24cf93a7e9dda01da82e8a579dc3be3f2 17-Mar-2015 Alex Klyubin <klyubin@google.com> am bf9efff8: am 3bfd091a: Merge "Implement keymaster 1.0 crypto operations"

* commit 'bf9efff8dc8b9c6b48ca2b487c0f9c4a287733f2':
Implement keymaster 1.0 crypto operations
e4af5e6bb0a6d393b0e5cac2978366de0a23f3d8 17-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 6ee02f24: am f394e372: Merge "Implement keymaster 1.0 export_key method"

* commit '6ee02f24e40223b51c6e66d0f7d527f9e4f3e622':
Implement keymaster 1.0 export_key method
944befbec268f0094c3c174156187066737d187d 17-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 86466698: am b4e09c2d: Merge "Implement keymaster 1.0 import_key method"

* commit '864666987be48548d1077a2aa780b1cacb950657':
Implement keymaster 1.0 import_key method
40a1a9b306d4e3c85b24f80ff39841507cf42357 20-Feb-2015 Chad Brubaker <cbrubaker@google.com> Implement keymaster 1.0 crypto operations

Change-Id: I365ea9082e14bccb83018e8ea67a10408362c550
/system/security/keystore/keystore.cpp
07b0cda3b14d16205ce3040d00bc18d15eda5fdc 19-Feb-2015 Chad Brubaker <cbrubaker@google.com> Implement keymaster 1.0 export_key method

Change-Id: I2a87cb61c340a099cc98d1a2db9e7390fb001b5d
/system/security/keystore/keystore.cpp
4c353cb98e52e2ea8f051b517fec064f1d3fa99f 11-Feb-2015 Chad Brubaker <cbrubaker@google.com> Implement keymaster 1.0 import_key method

Change-Id: I5bc24bc3177c6fc88141a42ed4d6a7a3d42e2c2f
/system/security/keystore/keystore.cpp
49185e7f39bcf8c79360a924fc405ebd4c1a70b0 16-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 2ca97bcd: am af3e993d: Merge "Implement keymaster 1.0 get_key_characteristics method"

* commit '2ca97bcd70bd55a5bf75f1ed8e836bdc876c8c9d':
Implement keymaster 1.0 get_key_characteristics method
af3e993d459791f77feb66756bc2ac21d46a052a 16-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Implement keymaster 1.0 get_key_characteristics method"
f06a45374c63e11631e124dbb3199dda206e595b 16-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 48c45fec: am f24ee2bb: Merge "Removed unused variables"

* commit '48c45fec70722c0afd9af7e98b868bd0aa952ec8':
Removed unused variables
db38ca0e0493b97597041cf1032976c46f4a12bd 16-Mar-2015 Chad Brubaker <cbrubaker@google.com> Removed unused variables

Change-Id: Ie2d46b2a864c9b0e75f4a055f2cc68810c16e763
/system/security/keystore/keystore.cpp
9c9cb2f32cc9e78a647411aae8bc24dfb02710ef 16-Mar-2015 Chad Brubaker <cbrubaker@google.com> am fc0bc737: am 1bc16e46: Merge "Implement keymaster 1.0 generate_key method"

* commit 'fc0bc7374ff769fd069e7fb0f4e4f7643b52916a':
Implement keymaster 1.0 generate_key method
6cce2c3420458fe7a29da6b6c7e6a246017dac3b 11-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 629d2d27: am f9a96d81: am b0f70423: Merge "Implement keymaster 1.0 add_rng_entropy"

* commit '629d2d27f44798e3cf58f4671560ac04c4b59fe7':
Implement keymaster 1.0 add_rng_entropy
67d2a5029e8c25c5ee448e3bbd245cdcebe6abd3 11-Mar-2015 Chad Brubaker <cbrubaker@google.com> Revert "Fix build: Revert "Use keymaster 1.0 softkeymaster""

This reverts commit d48cb24f77c1ddf8034c9aac4f5046f0f0c3f91f.

Change-Id: I774a418f30b1f57fbccdb06efe242b0212370f02
/system/security/keystore/keystore.cpp
f3f071fc5020fa5255f49e898a7c4a1cbf824a99 11-Feb-2015 Chad Brubaker <cbrubaker@google.com> Implement keymaster 1.0 get_key_characteristics method

Change-Id: I02e1ff4ef67f5e3dcd34453ac2a16218961a03bf
/system/security/keystore/keystore.cpp
17d68b9520e66226f1c7b2e1b3bd183ac80ca58b 06-Feb-2015 Chad Brubaker <cbrubaker@google.com> Implement keymaster 1.0 generate_key method

Change-Id: Ib63de5d9ee8da60599af2e644122ac6777720c8c
/system/security/keystore/keystore.cpp
d48cb24f77c1ddf8034c9aac4f5046f0f0c3f91f 11-Mar-2015 Ed Heyl <edheyl@google.com> Fix build: Revert "Use keymaster 1.0 softkeymaster"

This reverts commit 919cb2a5a9dabd61cb02eff7a589f9f1f0f793ee.
/system/security/keystore/keystore.cpp
a909f80ddbe2174e223cf5266156eb2b9c4a0faf 10-Mar-2015 Chad Brubaker <cbrubaker@google.com> am 0d03a496: am bb196a1b: am 1b0fbce9: Merge "Use keymaster 1.0 softkeymaster"

* commit '0d03a496110f58f28a85e4d1e5e8640fcc589c61':
Use keymaster 1.0 softkeymaster
9c8612c88dc03dc52d85e7a482453e04e7e3e2a2 09-Feb-2015 Chad Brubaker <cbrubaker@google.com> Implement keymaster 1.0 add_rng_entropy

Change-Id: Ib027930049dec289b62e45eaa6cad32c03d9556c
/system/security/keystore/keystore.cpp
efd601baf982e17c09f581d6a462c0de046acd9a 08-Mar-2015 Chad Brubaker <cbrubaker@google.com> resolved conflicts for merge of 41ceb7db to master

Change-Id: I72c429dbf30f3313ca12ccee3cceb7ff6e49f719
919cb2a5a9dabd61cb02eff7a589f9f1f0f793ee 06-Feb-2015 Chad Brubaker <cbrubaker@google.com> Use keymaster 1.0 softkeymaster

This changes the fallback device to the new keymaster 1.0 softkeymaster
as well as changes keystore to use keymaster1_device_t's everywhere
internally. It is safe to cast a keymaster0_device_t* to a
keymaster1_device_t* and access all the keymaster0 methods, but all
keymaster 1.0 method calls on the hardware device MUST check that the
device version is >= keymaster 1.0.

Change-Id: I6a5906da774f774723c14ea71f69b1c1efcc5a33
/system/security/keystore/keystore.cpp
9899d6b392e8223c3c00bfccadd43b18cdc96b4f 03-Feb-2015 Chad Brubaker <cbrubaker@google.com> Add Keymaster 1.0 binder methods

Add all the serialization required for the new keystore binder API to
support keymaster 1.0. The keystore methods themselves are left as
stubs, will be filled in in later commits.

Change-Id: Ibb5855dba879ae35c375c087c54d1bcdca53163f
/system/security/keystore/keystore.cpp
b060ae059cb9f891af49e93aa0d546b2e5a838a8 05-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Revert "Add Keymaster 0.4 binder methods""
6266c9670154d33488c2d31d1715b2a35f5e631b 05-Mar-2015 Chad Brubaker <cbrubaker@google.com> Revert "Add Keymaster 0.4 binder methods"

This reverts commit c5b1ae13eca39a1f63cc690369d1eee445d3c399.

Change-Id: Ib46a54493c332811c0aa84aa7c1cf12938daedbe
/system/security/keystore/keystore.cpp
cbafa3d3c4cd39118380af2076b6eab12d6beedf 05-Mar-2015 Chad Brubaker <cbrubaker@google.com> Merge "Add Keymaster 0.4 binder methods"
80843db63ed6b61c953a1243801117a15c9e8c38 24-Feb-2015 Shawn Willden <swillden@google.com> Separate keymaster0 and keymaster1 HALs.

Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/security/keystore/keystore.cpp
a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498a 24-Feb-2015 Shawn Willden <swillden@google.com> Separate keymaster0 and keymaster1 HALs.

Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/system/security/keystore/keystore.cpp
c5b1ae13eca39a1f63cc690369d1eee445d3c399 03-Feb-2015 Chad Brubaker <cbrubaker@google.com> Add Keymaster 0.4 binder methods

Add all the serialization required for the new keystore binder API to
support keymaster 0.4. The keystore methods themselves are left as
stubs, will be filled in in later commits.

Change-Id: I52f36c92f6398c71b0ec6b4c8afbffbd226e0afe
/system/security/keystore/keystore.cpp
409350fe9d13f2b663a757e1384084856d279467 23-Feb-2015 Alex Klyubin <klyubin@google.com> Merge "Initialize the blob struct before using it."
7c1eb75a6898452867ca28a4d7fad2d91edca615 20-Feb-2015 Chad Brubaker <cbrubaker@google.com> Fix incorrect keymaster device usage.

importKey's fallback code used mDevice instead of mFallbackDevice when
falling back to software. Causing a crash.

Change-Id: Ic53bdbce9ae0d242ed958323c505cbf91372e421
/system/security/keystore/keystore.cpp
1773b442b16098c6d111d6371d4a986a0747992b 20-Feb-2015 Alex Klyubin <klyubin@google.com> Initialize the blob struct before using it.

Bug: 19457895
Change-Id: Ie69cf9c5c8e6707b9e6d4ded5118775496df4bb9
/system/security/keystore/keystore.cpp
c3d14005892efde05a7abdb476d7ffcd79fe5ff4 12-Feb-2015 Chad Brubaker <cbrubaker@google.com> Merge "Use a keystore_device for fallback to softkeymaster"
fc18edcdfe2f7774e621030d51338f3216170b97 13-Jan-2015 Chad Brubaker <cbrubaker@google.com> Use a keystore_device for fallback to softkeymaster

Makes the fallback to the software keymaster code cleaner and removes
direct calls to the fallback methods to make changing the implementation
easier.

Change-Id: I24f91f159744991d25aa3ce0638fc3d16284aeb2
/system/security/keystore/keystore.cpp
aaf9802da6cea710e0777abb852724e1825cad63 25-Jan-2015 Elliott Hughes <enh@google.com> Include <strings.h> for ffs.

No pun intended.

Change-Id: I89b2c73af143053223f8116e65456f85f09fb591
/system/security/keystore/keystore.cpp
50ad778dc24adbd2cb9c79ed4bf312b9fff17865 26-Sep-2014 Robin Lee <rgl@google.com> am 90c47791: Merge "Delete user\'s keys only after keystore reset" into lmp-dev

* commit '90c4779146c9ac154fe85cd6a0775f8e1fc29be8':
Delete user's keys only after keystore reset
90c4779146c9ac154fe85cd6a0775f8e1fc29be8 26-Sep-2014 Robin Lee <rgl@google.com> Merge "Delete user's keys only after keystore reset" into lmp-dev
4b84fdc21457e16b08dc2738f4744c9ca7f7cc46 24-Sep-2014 Robin Lee <rgl@google.com> Delete user's keys only after keystore reset

Original behaviour deletes all keys on the device, not just those for
the caller. We use the clear_uid routine to call delete_keypair on all
known keys instead.

Bug: 17403144
Change-Id: If43465ed593153a557b2129968a3adf12d2749cb
/system/security/keystore/keystore.cpp
eb819f75ae440b39b441cff73808df5641286139 26-Sep-2014 Kenny Root <kroot@google.com> am a39da5a2: Fallback to software keystore on import_key failure

* commit 'a39da5a226975f8b75f93de255a21d526ae8d334':
Fallback to software keystore on import_key failure
a39da5a226975f8b75f93de255a21d526ae8d334 25-Sep-2014 Kenny Root <kroot@google.com> Fallback to software keystore on import_key failure

This is to allow keymaster HAL 0.3 types to be able to fallback when
they don't support DSA or EC keys.

Bug: 17576126
Change-Id: I7e1e806e26fb61e2cd033d7d3a2c09560764ca42
/system/security/keystore/keystore.cpp
f33c72fcd7b8e599e5d3d096ea3912fa3c53ff07 12-Sep-2014 Kenny Root <kroot@google.com> am 31e27468: isEmpty checks all files like reset

* commit '31e27468b6d822adbd2aec9219a68c206aa6957c':
isEmpty checks all files like reset
31e27468b6d822adbd2aec9219a68c206aa6957c 10-Sep-2014 Kenny Root <kroot@google.com> isEmpty checks all files like reset

Since reset deletes all files in a user directory, change isEmpty to
alse look at all files in the directory. This makes the two symmetric.

Bug: 16935053
Change-Id: Id30685203f4b5484d757022ee971f8d877c15263
/system/security/keystore/keystore.cpp
9e0c0a784e4c94d7b829b5837bdad10076f06e98 04-Sep-2014 Chih-Hung Hsieh <chh@google.com> am f583a75c: Merge "Comment out unused parameter."

* commit 'f583a75c0940218c3df0170b514bcba1c992aecf':
Comment out unused parameter.
a25b2a397fff48dea7bce16af2065e6f5f043956 03-Sep-2014 Chih-Hung Hsieh <chh@google.com> Comment out unused parameter.

BUG: 17281763
Change-Id: I1881e31893cd2d84389e4b29a4408d58654c20ca
/system/security/keystore/keystore.cpp
4e865753346fc6a075966972a7a98051818859db 19-Aug-2014 Robin Lee <rgl@google.com> APIs for syncing password between profiles

Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
/system/security/keystore/keystore.cpp
b224f0ae07dd86cd7493bd497e1174db52b3782d 12-Aug-2014 Robin Lee <rgl@google.com> Correct double-convert from uid to userid

This was making readMasterKey and writeMasterKey always operate on
user 0, because of a double-division - getUserState(*) already
takes into account that the argument is a uid.

Fixes a number of issues related to multi-user and keystore; works
toward fixing bug 16233206.

(cherry picked from commit 50122db50bcb6c1aab50ef235c8f9d264b50e97a)

Change-Id: Ia1434fd0d076b0c36d383ff7390b17c78d7811b5
/system/security/keystore/keystore.cpp
50122db50bcb6c1aab50ef235c8f9d264b50e97a 12-Aug-2014 Robin Lee <rgl@google.com> Correct double-convert from uid to userid

This was making readMasterKey and writeMasterKey always operate on
user 0, because of a double-division - getUserState(*) already
takes into account that the argument is a uid.

Fixes a number of issues related to multi-user and keystore; works
toward fixing bug 16233206.

Change-Id: Ia1434fd0d076b0c36d383ff7390b17c78d7811b5
/system/security/keystore/keystore.cpp
a62474699a202588609d7051e677f23734151900 01-Aug-2014 Kenny Root <kroot@google.com> Merge "keystore: allow system to clear keys even while encrypted" into lmp-dev
931fac098f2ae35aa1da26ced57962c9a21f95cf 31-Jul-2014 Kenny Root <kroot@google.com> keystore: fully reset user keystore on request

The reset was improperly skipping the .masterkey file which left
keystore in a "LOCKED" state next time it was started up. The .masterkey
should have been deleted to leave it in the requested "UNINITIALIZED"
state next time it started.

It looks like some logic was left over to check the UID to see if it
matches the current user. Currently there's no way to have a UID in
the user directory that doesn't match the current user.

(cherry picked from commit a71c9d6bb8b12b38a12fcd18321eb67e3b974be8)

Bug: 13886753
Change-Id: Icd3a1a55153a0dd28a26d51a5ae7f6de1a7da043
/system/security/keystore/keystore.cpp
007cb236ada4b3d70815f03dd07116a5e187f4dd 31-Jul-2014 Kenny Root <kroot@google.com> keystore: allow system to clear keys even while encrypted

Since we can store keys that are unencrypted, we should allow the
clearing of data for apps when the keystore is still in a LOCKED state.
Also allow the system user to delete keys since this is necessary for
system maintenance when application data is cleared or the application
is uninstalled.

(cherry picked from commit e17c25459fc0f200134e10a1aaef12fa8f930f04)

Bug: 15751553
Change-Id: Id02bc9992bd529e79be7a09d2bce208942d42b84
/system/security/keystore/keystore.cpp
cf5a7fc9fbaa8a084fb874ad2d6780c6914cd278 01-Aug-2014 Kenny Root <kroot@google.com> Merge "keystore: fully reset user keystore on request"
e17c25459fc0f200134e10a1aaef12fa8f930f04 31-Jul-2014 Kenny Root <kroot@google.com> keystore: allow system to clear keys even while encrypted

Since we can store keys that are unencrypted, we should allow the
clearing of data for apps when the keystore is still in a LOCKED state.
Also allow the system user to delete keys since this is necessary for
system maintenance when application data is cleared or the application
is uninstalled.

Bug: 15751553
Change-Id: Id02bc9992bd529e79be7a09d2bce208942d42b84
/system/security/keystore/keystore.cpp
a71c9d6bb8b12b38a12fcd18321eb67e3b974be8 31-Jul-2014 Kenny Root <kroot@google.com> keystore: fully reset user keystore on request

The reset was improperly skipping the .masterkey file which left
keystore in a "LOCKED" state next time it was started up. The .masterkey
should have been deleted to leave it in the requested "UNINITIALIZED"
state next time it started.

It looks like some logic was left over to check the UID to see if it
matches the current user. Currently there's no way to have a UID in
the user directory that doesn't match the current user.

Bug: 13886753
Change-Id: Icd3a1a55153a0dd28a26d51a5ae7f6de1a7da043
/system/security/keystore/keystore.cpp
eaabae9bf8ff0873b0ece2a835f71ee6c6b49437 30-Jun-2014 Riley Spahn <rileyspahn@google.com> Add calls for SELinux MAC checks in keystore.

Add call to SELinux in the has_permission function call. Add
mapping of permission to string used by SELinux. The SELinux
rules currently mirror those currently defined in
keystore.cpp.

Change-Id: I5bfa92bb88f5ed4bf574434abdf28b54eef91a6d
/system/security/keystore/keystore.cpp
66dbf67dd65b4808a15ef64f0ffde1275bdd58a9 30-Jun-2014 Nick Kralevich <nnk@google.com> Revert "Add calls for SELinux MAC checks in keystore."

getcon fails if SELinux is disabled. Revert for now until
a more appropriate fix is made.

This reverts commit 0e542d0b849a42b6641bf64fd87c7076c98b73d1.

Bug: 15945719
Change-Id: Ifa24608b374ea3dc8b5569a5cd214db823a00f26
/system/security/keystore/keystore.cpp
0e542d0b849a42b6641bf64fd87c7076c98b73d1 19-Jun-2014 Riley Spahn <rileyspahn@google.com> Add calls for SELinux MAC checks in keystore.

Add call to SELinux in the has_permission function call. Add
mapping of permission to string used by SELinux. The SELinux
rules currently mirror those currently defined in
keystore.cpp.

Change-Id: I3893a25c50b24396b4198ec8b949eee045987ae8
/system/security/keystore/keystore.cpp
1d448c074a86ef5d05a22fdf1358718976628a86 21-Nov-2013 Kenny Root <kroot@google.com> Add support for specifying which key types are supported

Change-Id: Ia5a331868ea3e09891c52bbabc2942554253c458
/system/security/keystore/keystore.cpp
c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5 06-Dec-2013 haitao fang <haitao.fang@sonymobile.com> Fix the Vector erase bug

In the Vector traversal and delete operation, we can't
move to the next item when we use the erase function.

Change-Id: I9accfb7f109f73dcec900b666077120235bf7ef1
/system/security/keystore/keystore.cpp
6489e02e134e4779d35c4a340ff68ad445fde133 02-Dec-2013 Matteo Franchin <matteo.franchin@arm.com> Use %zu, %td for size_t, ptrdiff_t, respectively.

Changing ALOG format strings to %zu (for one size_t integer) and to
%td (for a couple of pointer differences). These changes are necessary
when compiling for LP64 architectures.

Change-Id: I9bb667500af1b82c360f0fc84e50d70bd46cba6e
Signed-off-by: Matteo Franchin <matteo.franchin@arm.com>
/system/security/keystore/keystore.cpp
72f6fde4563f9e5f2aff8211a54342d752aa7029 16-Oct-2013 Kenny Root <kroot@google.com> resolved conflicts for merge of 1a023f89 to klp-dev-plus-aosp

Change-Id: I61c3d1ea509adc54b85bb6bb11350b6c466a8608
fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbc 15-Oct-2013 Kenny Root <kroot@google.com> Fix some spots where targetUid was missed

Some of the targetUid arguments weren't used where they should have
been.

Change-Id: Ief5df897440ddfb572feb57026a6057d64c7c09b
/system/security/keystore/keystore.cpp
f90361244bacff74988fdcd33bc986e143860b10 09-Oct-2013 Kenny Root <kroot@google.com> am ee8068b9: Set encrypted flag when appropriate

* commit 'ee8068b9e7bfb2770635062fc9c2035be2142bd8':
Set encrypted flag when appropriate
ee8068b9e7bfb2770635062fc9c2035be2142bd8 07-Oct-2013 Kenny Root <kroot@google.com> Set encrypted flag when appropriate

"generate" and "put" were not setting the encrypted flag in the blob
written to disk. Add setting the flag whenever appropriate for these
functions.

Additinally, the master key should always be encrypted.

Bug: 11113056
Change-Id: Ibf8f2ad4d5de0732dcc25e1005ad4751683e3b80
/system/security/keystore/keystore.cpp
dc3b74f61eb0aa00bfcc6e2679338d5c7ba4bc97 11-Sep-2013 Kenny Root <kroot@google.com> am ace0b422: Merge "Use canonical UniquePtr.h header"

* commit 'ace0b4229a8ad6682e4439e3853de923c91628dc':
Use canonical UniquePtr.h header
26cfc08add3966eca5892e3387cf5ed6dc3068fb 11-Sep-2013 Kenny Root <kroot@google.com> Use canonical UniquePtr.h header

Change-Id: Iab1dc428c2330a07a5944a1cfbb25c8134b11950
/system/security/keystore/keystore.cpp
70f16c198320a36bde1c2fe522ce26bd963ec920 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

(cherry picked from commit 1b0e3933900c7ea21189704d5db64e7346aee7af)

Bug: 10600582
Change-Id: I52418ade881d053229dd3c1d0cf438823468b51b
/system/security/keystore/keystore.cpp
b4d2e0233f6aeb69d4c2a216830709040e52366e 04-Sep-2013 Kenny Root <kroot@google.com> Provide fallback for keymaster implementations

Some implementations won't support ECDSA or DSA, so provide a fallback
for them by using the softkeymaster implementation. This will allow us
to universally support ECDSA and DSA on all platforms regardless of HAL
version.

(cherry picked from commit 17208e0de5a42722901d803118745cca25fd10c1)

Bug: 10600582
Change-Id: Ic02102cb2b7f66e2ad3469f4edd9d03c4ae3fdf4
/system/security/keystore/keystore.cpp
86b16e8c0d353af97f0411917789308dba417295 09-Sep-2013 Kenny Root <kroot@google.com> Move key name creation to common path

Bug: 10676015
Change-Id: I781e142217959a8a068844b9cb041282b8ae2a74
/system/security/keystore/keystore.cpp
1b0e3933900c7ea21189704d5db64e7346aee7af 05-Sep-2013 Kenny Root <kroot@google.com> Add argument to binder call to check key types

Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.

Bug: 10600582
Change-Id: I864e5aa0484ae44ccfaf859560700cfc34f58711
/system/security/keystore/keystore.cpp
17208e0de5a42722901d803118745cca25fd10c1 04-Sep-2013 Kenny Root <kroot@google.com> Provide fallback for keymaster implementations

Some implementations won't support ECDSA or DSA, so provide a fallback
for them by using the softkeymaster implementation. This will allow us
to universally support ECDSA and DSA on all platforms regardless of HAL
version.

Bug: 10600582
Change-Id: Ib842816cc1415ec00abb7d22c8e9b6bbe58f6a86
/system/security/keystore/keystore.cpp
96427baf0094d50047049d329b0779c3c910402c 16-Aug-2013 Kenny Root <kroot@google.com> Add support for DSA and ECDSA key types

(cherry picked from commit 6071179a371fcd4c238375068ffd7d3cedea615d)

Bug: 10600582
Change-Id: I0d851bbe1230a31033614c9f9b9de94f1f842618
/system/security/keystore/keystore.cpp
6071179a371fcd4c238375068ffd7d3cedea615d 16-Aug-2013 Kenny Root <kroot@google.com> Add support for DSA and ECDSA key types

Change-Id: Ibee8d172eeb36f1a2e2ce62f275aea55ada5bcbf
/system/security/keystore/keystore.cpp
a77e809ecff5190790906fb7a3c527259c735071 14-Jun-2013 Douglas Leung <douglas@mips.com> Add 1 byte for the NULL char. This bug was causing CTS failures and stack corruption for Mips.

Change-Id: Ib7e8eb0e79ee55fffb8cf36371688ba544734029
Signed-off-by: Douglas Leung <douglas@mips.com>
/system/security/keystore/keystore.cpp
60898896c3f3b2245d10076cac64346c956dbaa5 17-Apr-2013 Kenny Root <kroot@google.com> keystore: fix import as other UIDs

The targetUid was not being used as the user to store the key as, so it
was ending up under the calling UID. This change matches the code for
insert and generate now.

(cherry picked from commit 360f51f7af191316cd739f229db1c5f7233be063)

Bug: 8634328
Change-Id: I6bb9f66687552af990fdf90501f183930910ba8d
/system/security/keystore/keystore.cpp
f9119d6414f43ef669d64e9e53feb043eda49cf3 03-Apr-2013 Kenny Root <kroot@google.com> keystore: Add flag for blobs to be unencrypted

In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.

(cherry picked from commit 0c540aad5915e6aa34345049be96f28b64d0e84c)

Bug: 8122243
Change-Id: Ie97f6df1ba141b1ed8007413ec1a834b0486cc2a
/system/security/keystore/keystore.cpp
5f53124250025d3113c9c598a2f101330144b10c 12-Apr-2013 Kenny Root <kroot@google.com> keystore: fix bug in clear_uid

(cherry picked from commit aae26fc0e58c99ac8e0df69b913523e81fa15d66)

Bug: 8566369
Change-Id: Ic1b604f6cc0c3a950e7ce1b98604a9fd7419f720
/system/security/keystore/keystore.cpp
655b958eb2180c7c06889f83f606d23421bf038c 04-Apr-2013 Kenny Root <kroot@google.com> keystore: Add multi-user support

Split the directories out per-user. Each Android user ID gets its own
directory and master key. This gives each user its own locked/unlocked
state.

Add migration code that converts existing keystores to this scheme. This
even migrates keys that used the non-public API, but only for the
primary user. The secondary users may have a different lock screen
pattern that would no longer work to unlock the master key.

Bug: 7249554
Change-Id: Ie135235ab1eb88ddb2d89a6cb4ffd8fb6736c573
/system/security/keystore/keystore.cpp
483407eaca108d3717bb49770915d6d95d5d0e0c 05-Apr-2013 Kenny Root <kroot@google.com> keystore: fix inverted hardware keystore check

Check should be that the 'is_software' flag is off.

Change-Id: Ic03ef957f6aa62b959b24fe8e4ff202f431aab89
/system/security/keystore/keystore.cpp
ff620c25d1af495c74cdeb4e5a652adf6858cf88 04-Apr-2013 Kenny Root <kroot@google.com> Fix CL split and build

Change-Id: Ie96b2d22af839b67daed4f194e37864cd50e8463
/system/security/keystore/keystore.cpp
cfeae072c96d84f286ddbf0aff8055c12c7c4f15 04-Apr-2013 Kenny Root <kroot@google.com> keystore: fix upgrades

During an upgrade, a blob would be written out to disk. Whenever a blob
is written to disk, it is encrypted in-place. After upgrade, keystore
would attempt to use the blob, but get garbage instead of what it
expected since it was encrypted.

This moves the work of writing up a level so it can then re-read the
blob after upgrade.

Bug: 7249554
Change-Id: I3946c5db1c2fc57ace476db04f792e3b82d1cb15
/system/security/keystore/keystore.cpp
a9bb549868035e05450a9b918f8d7de9deca5343 02-Apr-2013 Kenny Root <kroot@google.com> keystore: command to clear all keys for UID

Add ability for system UID to clear all entries for a different UID.

Bug: 3020069
Change-Id: Ibfeea6aae9006cb2ef7052ead72b2704dfce3cb4
/system/security/keystore/keystore.cpp
8ddf35a6e1fd80a7d0685041d2bfc77078277c9d 29-Mar-2013 Kenny Root <kroot@google.com> keystore: add API to query storage type

Add an API to query the HAL to see what kind of storage it reports the
device is.

Change-Id: I37951e989ad724e2352df6e321f03f19e58b4fca
/system/security/keystore/keystore.cpp
d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cf 21-Mar-2013 Kenny Root <kroot@google.com> keystore: change migrate to duplicate

After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.

Change-Id: Id6ff97bfa5ec4cca9def177677263e9be1c9619f
/system/security/keystore/keystore.cpp
0225407783ee339164a0cd8ca5ef04c99d27c59a 20-Mar-2013 Kenny Root <kroot@google.com> keystore: add "migrate" command

To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.

Bug: 8122243
Change-Id: I31e2ba3b3a92c582a6f8d71bbb139c408c06814f
/system/security/keystore/keystore.cpp
494689083467ec372a58f094f041c8f102f39393 19-Mar-2013 Kenny Root <kroot@google.com> keystore: allow system UID to WiFi or VPN

Previously we redirected all calls from the wifi or vpn UIDs to the
system UID's namespace. This switches the paradigm to allow system to
write into wifi and vpn UID keystore spaces instead.

Change-Id: Ib9144cb12435b09ab2e8c24b75366cf9762965fe
/system/security/keystore/keystore.cpp
9d45d1caba5135e6b8bd6d05d449e8dcf52b6802 14-Feb-2013 Kenny Root <kroot@google.com> keystore: Check for unlock, not for specific state

Most callers only care if the keystore is unlocked for use and not
whether it's in a specific state. Change this now so we can change the
states later.

Change-Id: I2de87c84fd16b33ee9e3eca3843a8260e1f5af87
/system/security/keystore/keystore.cpp
b88c3eb96625513df4cc998d739d17266ebaf89f 13-Feb-2013 Kenny Root <kroot@google.com> keystore: add UID to certain APIs

This will allow explicit indication of which UID to put things under for
trusted UIDs (e.g., system UID) in a future change instead of putting
things only in the calling UID.

Change-Id: Ifc321a714d874a1142890138101ce4166906f413
/system/security/keystore/keystore.cpp
d38a0b07a3104fcb1e747a0fa06641dee8fc058f 13-Feb-2013 Kenny Root <kroot@google.com> keystore: rename uid to callingUid

Change-Id: Ib056ad6b4f2149292100cda9106de19eb7b2e259
/system/security/keystore/keystore.cpp
70c9889c5ca912e7c492580e1999f18ab65b267b 07-Feb-2013 Kenny Root <kroot@google.com> Remove Value and ValueString classes

This was left-over from previous changes and nothing really used it any
more.

Change-Id: Id7bb58ffbc3f5b7f337e9bdbe8d0be315105cb26
/system/security/keystore/keystore.cpp
36a9e231e03734cd2143383d26388455c1764e17 04-Feb-2013 Kenny Root <kroot@google.com> Fix mtime via Binder

Change-Id: I3d5e3d4114d40902a6cf25a4c8ffabea4cc7851f
/system/security/keystore/keystore.cpp
5281edbc9445065479e92a6c86da462f3943c2ca 22-Nov-2012 Kenny Root <kroot@google.com> Actually terminate on EOF

Change-Id: I02729444a822bd2d3c9a6fd6e118079e2d8973e4
/system/security/keystore/keystore.cpp
150ca934edb745de3666a6492b039900df228ff0 14-Nov-2012 Kenny Root <kroot@google.com> EINTR handling and debugging for error cases

Some interruptable syscalls were not wrapped with TEMP_FAILURE_RETRY
while others were. Add them where necessary.

Additionally, some error cases were not logging any messages so things
would mysteriously fail if there was an underlying filesystem problem.

Change-Id: I0b789376b2971fa8aaaff7eac21a90a9a94afac8
/system/security/keystore/keystore.cpp
07438c8d7256d3788dac323b4d0055f201e0bec9 02-Nov-2012 Kenny Root <kroot@google.com> Switch keystore to binder

Change-Id: I6dacdc43bcc1a56e47655e37e825ee6a205eb56b
/system/security/keystore/keystore.cpp
c3cb851b5028011d7bdd0afbfbd7d9d62c2d8997 14-Sep-2012 Pavel Chupin <pavel.v.chupin@intel.com> Add casts to avoid build warnings with gcc-4.7

Example:
keystore.cpp:1339:35: error: narrowing conversion of 'CommandCodes[0]'
from 'command_code_t {aka unsigned char}' to 'int8_t {aka signed char}'

Change-Id: I8cd239880821724050d1716b78851807e0246ef2
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
/system/security/keystore/keystore.cpp
344e0bc23ca46b9acec97ac8bcd87949bde0ccab 15-Aug-2012 Kenny Root <kroot@google.com> Add getmtime command for keys

This allows you to check when a key was last modified.

Change-Id: I167844d9a50e26aadfc73a2252b937d2ef09f09d
/system/security/keystore/keystore.cpp
9a53d3eaf42104ddf02feeccec3cf7f5c1a34bae 14-Aug-2012 Kenny Root <kroot@google.com> keymaster HAL users don't need delete_keypair

The keymaster HAL implementations don't need the delete_keypair method,
but keystore currently throws an error when it's not implemented. This
causes problems with at least the OpenSSL software implementation.

Bug: 6985351
Change-Id: I3d7f7dce2a6d4aad38c20f555ab16aa45f1823b8
/system/security/keystore/keystore.cpp
a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1 17-Jul-2012 Brian Carlstrom <bdc@google.com> Handle keynames with special characters such as - and .

Bug: http://code.google.com/p/android/issues/detail?id=34577
Bug: 6837950

(cherry-picked from 0114bd9f9bbc2458ca77bf3508e7c15992a432b1)

Change-Id: I0c265fe73c1b2c430ffd196a21691264f8f3b555
/system/security/keystore/keystore.cpp
e95ce35d10d6e0a7315a57f30d9c88d89880a4e1 07-Apr-2012 Amith Yamasani <yamasani@google.com> Allow calls from secondary user Settings app.

This is so that Face Unlock can be a valid option for a lockscreen.
Otherwise get a PERMISSION_DENIED when uid = 101000.

Change-Id: I0085b27dbd4d2f1988ba654acadd72c30f76a47e
/system/security/keystore/keystore.cpp
da1ed9ab99c00698af64ec655ff668efffe2960d 10-Apr-2012 Kenny Root <kroot@google.com> Turn on extra compiler checks

Turn on the compiler flags -Wall -Wextra -Werror to make sure no
compiler warnings are added to the project.

Eliminate all unused arguments. Remove unused variables in code.

Change-Id: I0940ba897ac716b4a256f94fcd671f1ff5abc62c
/system/security/keystore/keystore.cpp
822c3a99d930e9299e2fad2fb3e0ff91b119b95a 24-Mar-2012 Kenny Root <kroot@google.com> Add support for upgrading key types

Old key types were not distinguished by the keystore itself. This change
takes some of the reserved fields in the old format and changes it to a
version number and key type.

Change-Id: I45bd4cdce042617641fe7bd742bbe26da6024996
/system/security/keystore/keystore.cpp
298e7b1b0f9116e2054d594d7538379d86585035 26-Mar-2012 Kenny Root <kroot@google.com> Add keymaster delete_all call on reset

To allow efficient deletion by hardware keymaster modules, add a direct
delete_all call when keystore is reset. This will also probably fix
problems where the hardware keymaster gets more keys than keystore knows
about and fills up its storage.

Change-Id: I452e2e609802201dc7db2f52f95b44d72f79efa2
/system/security/keystore/keystore.cpp
70e3a86abd2c412d602a018967c01c177eb6cf4e 16-Feb-2012 Kenny Root <kroot@google.com> Add keymaster to keystore with soft implementation

Add hardware crypto capabilities to keystore. This allows hardware
escrow of private key material.

There is also an OpenSSL engine that connects to keystore to allow use
of the keystore keys from native code built into the platform.

This includes a software implementation of keymaster using OpenSSL
as the backend. This is just as insecure as the previous solution,
but it's needed so devices without hardware support can continue
to operate in the new scheme without a lot of compatibility code.

Change-Id: I2bc67766e1f633ef1cbbd2874a65962074e84f4f
/system/security/keystore/keystore.cpp
5187818895c4c5f650a611c40531b1dff7764c18 13-Mar-2012 Kenny Root <kroot@google.com> keystore_client shared library

Add a libkeystore_client.so library for clients to use.

Add const-correctness to the keystore.cpp classes.

Increase maximum arguments for future work.

Change-Id: Ia22f8b893aea3115a7b4a0543ad392c17c8528f2
/system/security/keystore/keystore.cpp
a91203b08350b2fc7efda5b1eab39e7541476b3a 16-Feb-2012 Kenny Root <kroot@google.com> Move keystore from frameworks/base

Move keystore from frameworks/base at commit
57ff581bd9b16a192a567f84d0e0a5c82d866343

Change-Id: I1e62488d63810f14e40ffb3d192925ff4eeb8906
/system/security/keystore/keystore.cpp