Surface the service-specific error message. To avoid API changes, the
error message is surfaced in the toString / getMessage methods.
Test: atest android.security.keystore.KeyStoreExceptionTest
Bug: 217593122
Change-Id: Id4090564b46db9b3b10ea390390f6683f7314463
Update the Keystore owners file:
* Remove Rob Barnes
* Add myself.
This will remove the dependency on US-based reviewers for all Keystore
Java CLs.
Non-trivial CLs, CLs that are not strictly in the Java layer, or both,
would still be sent to the right US-based reviewer.
Bug: N/A
Test: N/A
Change-Id: Id8931516b90be4b97e684cb8d7f9de8d71643db4
Report KeyStore/KeyMint error messages via public API.
This lets developers find out:
* Whether an error is transient or not.
* Whether a failure is due to a system error
(system configuration/state/capabilities), or a key-related error.
* Whether user authentication is required to use the key.
Test: atest CtsKeystorePerformanceTestCases CtsKeystoreTestCases
Bug: 197890905
Merged-In: I776d9e9cc01a9dc3542a63000ee0709847760963
Change-Id: Ica0c93fdd4b89255ee0a03a9b9b948202777d4d4
Update the Java framework accordingly with the underlying keystore2
changes for key migration.
Test: atest SharedUserMigrationTest#testDataMigration (in internal)
Bug: 211665859
Change-Id: I26c817dffdf2e50a43373114a63242644ee7e712
The default value for canUnlockViaBiometrics, which determines if we
are able to show a bio prompt, is true. However, if there are 0
biometric authenticator IDs, then it's impossible for the user to
satisfy a bio prompt. In this case, we should set canUnlockViaBiometrics
to false.
The loop that is normally expected to invert canUnlockViaBiometrics was
never run in the case of 0 bio authenticator ids, so we mistakenly
let the crypto init operation succeed when we should have blocked it.
Bug: 188864794
Test: Manual, using sample app that displays a biometric prompt.
Change-Id: Ib95b0564aa098157718b8d4a45b11baa69dad71b
This fixes the contract between equals and hashCode in
AndroidKeystorePublicKey. The previous fix made only a reference
comparisson between certificate blobs. In this patch java.util.Arrays is
used to compare and compute the hash of the array.
Bug: 196118021
Test: See following CL.
Change-Id: I2b8b7e740fb377de39fd21f763e15cb00024b2fc
Fix a NullPointerException when trying to insert SecretKey that already
exists.
Bug: 202146009
Test: atest android.keystore.cts.AndroidKeyStoreTest#testKeyStore_SetKeyEntry_ReplacedWithSameGeneratedSecretKey
Change-Id: If3a4bd6677ab3173c5c1a7c921ba567b7981662b
The code was doing a reference compare, not object value comparison,
resulting in failures in the KeyStore setEntry API.
Test: CtsKeystoreTestCases:android.keystore.cts.AndroidKeyStoreTest
Fixes: 197138784
Change-Id: I2c5e47283eed5694951869e9ea3853364ddef9d1
Callbacks on ServiceConnection happen on the main UI thread for an
application. Since the thread that calls bindService then immediately
blocks to wait for the service to be connected, this will cause a
deadlock if key operations are happening on the main UI thread.
This bug has likely not been detected yet since key operations are not
supposed to be performed on the main UI thread, however it was uncovered
in a similar application during other testing. This fix ensures the
ServiceConnection object's callbacks will be triggered from a separate
thread from the calling thread.
Bug: 196571032
Test: Apps that run key operations on the UI thread don't hang.
Change-Id: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
Merged-In: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
This fixes the contract between equals and hashCode in
AndroidKeystoreKey and AndroidKeystorePublicKey.
Bug: 196118021
Test: N/A
Change-Id: I3f7e6d72d53c7051c13daeb5aa6ce1abf4eb0cc5
The KeyMint spec requires the specification of the EC_CURVE tag when
generating an EC key. This patch adds the correct curve tag parameter to
the parameter list.
Test: CtsVerifier Protected confirmation test.
Bug: 192908276
Merged-In: I2e7dd4868abda85d244e73592ff12d688f5c21fc
Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
The KeyMint spec requires the specification of the EC_CURVE tag when
generating an EC key. This patch adds the correct curve tag parameter to
the parameter list.
Test: CtsVerifier Protected confirmation test.
Bug: 192908276
Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
This file was written on the assumption that bindService was
synchronous, which it isn't. This change adds a CountDownLatch to force
the class to wait for the binding to finish. If the relevant key
generation service is not present on the system, then this
functionality will just silently be skipped over.
Bug: 190222116
Test: atest RemoteProvisionerUnitTests
Change-Id: Ie34997a08aa743642c66a20c4b756cd47bff4af1
Merged-In: Ie34997a08aa743642c66a20c4b756cd47bff4af1
This reverts commit d05498b9d8d30ca69eaafe920c5915ee472058eb.
Reason for revert: Bugged on non-RKP systems.
Bug: 190222116
Change-Id: Ie7d17d4251c381c1bae6a76cd9b0246c551f8042
This file was written on the assumption that bindService was
synchronous, which it isn't. This change adds a CountDownLatch to force
the class to wait for the binding to finish.
Bug: 190222116
Test: atest RemoteProvisionerUnitTests
Change-Id: I917a61da612f21f9a0f783bea5d24270d4e1db42
Previous releases explicitly check for invalid inputs. These checks
were removed with the move to keystore2 -- add them back.
Remove old prepareAttestationArguments* methods, as they are no
longer referenced.
Bug: 188741672
Test: com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: I4eeec8367ebdfad527395206ab9e89b409e02631
Merged-In: I4eeec8367ebdfad527395206ab9e89b409e02631
Previous releases explicitly check for invalid inputs. These checks
were removed with the move to keystore2 -- add them back.
Remove old prepareAttestationArguments* methods, as they are no
longer referenced.
Fixes: 188741672
Test: com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: I4eeec8367ebdfad527395206ab9e89b409e02631
This file was written on the assumption that bindService was
synchronous, which it isn't. This change adds a CountDownLatch to force
the class to wait for the binding to finish.
Bug: 190222116
Test: atest RemoteProvisionerUnitTests
Change-Id: I917a61da612f21f9a0f783bea5d24270d4e1db42
Merged-In: I917a61da612f21f9a0f783bea5d24270d4e1db42
getUniqueAliases may return a null if an error occurred. This would lead
to a NPE in engineAliases.
This patch makes getUniqueAliases return an empty HashSet instead.
Test: atest KeystoreTests
Change-Id: I387d90ea851a8b9c18bb2b20d1a0bfc1ab76c99f
