On systems that rely solely on remotely-provisioned keys (RKP),
the attestation keys may run out or be unavailable for attesting
a newly-generated key. This could happen when:
* The device first connects to the Internet
* The device had all the keys used and:
** It hadn't yet completed obtaining new ones.
** The RKP server declines to issue new keys.
In these cases, the caller must be informed that their key generation
request failed (likely temporarily), and that they should retry it.
The retry policy returned tells the caller when to retry.
Bug: 227306369
Test: atest android.keystore.cts.KeyStoreExceptionTest
Change-Id: Ief30a3ab97da95b68d172e725c38acbefab92fa9
Ensure that the user gets an accurate error message when they try to
generate Curve 25519 keys according to JEP 324
(https://openjdk.java.net/jeps/324).
Android Keystore requires every key to have a name, so it is not
possible to generate a key using NamedParameterSpec only (with a
KeyPairGenerator).
Support this and throw an exception to the caller indicating how they
_can_ generate keys with this curve.
Bug: 222440855
Bug: 195309719
Bug: 194359292
Test: atest android.keystore.cts.KeyFactoryTest android.keystore.cts.Curve25519Test
Test: atest CtsLibcoreTestCases:libcore.java.security.ProviderTest
Change-Id: I5aa163f177507906c6482d079eb6cb55d93accf7
Do not register Curve 25519 algorithms as key factories, until we fix
the registration to be in compliance with JEP 324.
Bug: 222440855
Bug: 222194540
Test: atest android.keystore.cts.Curve25519Test android.keystore.cts.KeyFactoryTest#testAlgorithmList CtsLibcoreTestCases:libcore.java.security.ProviderTest#test_Provider_getServices
Merged-In: Ibd53070a890955affaff5e4e7213892afd423db7
Change-Id: I11b3574aeff54b3eb8bf496c4c14aa1338629ce5
Do not register Curve 25519 algorithms as key factories, until we fix
the registration to be in compliance with JEP 324.
Bug: 222440855
Bug: 222194540
Test: atest android.keystore.cts.Curve25519Test android.keystore.cts.KeyFactoryTest#testAlgorithmList CtsLibcoreTestCases:libcore.java.security.ProviderTest#test_Provider_getServices
Change-Id: Ibd53070a890955affaff5e4e7213892afd423db7
Add support for Curve 25519 in the public API.
This requires upgrading the keymint dependency to V2.
Note that this CL only passes the tags to Keystore,
but does not yet let the caller use the generated keys
because of missing Conscrypt classes.
Bug: 194359292
Test: atest android.keystore.cts.Curve25519Test
Change-Id: I15223abec34b72c857e26fcc47d8ecf08c1f8c8d
Context.unbindService() should always be called even if the
previous bindService() call returns false. Otherwise the service
might be left dangling.
Bug: 211582968
Test: None
Change-Id: Ic1705096254afa12993d8992303432896bfecd57
Surface the service-specific error message. To avoid API changes, the
error message is surfaced in the toString / getMessage methods.
Test: atest android.security.keystore.KeyStoreExceptionTest
Bug: 217593122
Change-Id: Id4090564b46db9b3b10ea390390f6683f7314463
Update the Keystore owners file:
* Remove Rob Barnes
* Add myself.
This will remove the dependency on US-based reviewers for all Keystore
Java CLs.
Non-trivial CLs, CLs that are not strictly in the Java layer, or both,
would still be sent to the right US-based reviewer.
Bug: N/A
Test: N/A
Change-Id: Id8931516b90be4b97e684cb8d7f9de8d71643db4
Report KeyStore/KeyMint error messages via public API.
This lets developers find out:
* Whether an error is transient or not.
* Whether a failure is due to a system error
(system configuration/state/capabilities), or a key-related error.
* Whether user authentication is required to use the key.
Test: atest CtsKeystorePerformanceTestCases CtsKeystoreTestCases
Bug: 197890905
Merged-In: I776d9e9cc01a9dc3542a63000ee0709847760963
Change-Id: Ica0c93fdd4b89255ee0a03a9b9b948202777d4d4
- Add a new boolean attribute `inheritKeyStoreKeys` to allow apps to
indicate whether they want keys to be transferred to the updated app
- Call the appropriate KeyStore method to migrate keys from the old
namespace to the new one
- Clear keys owned by the previous app ID if it is removed
Test: atest SharedUserMigrationTest#testKeyMigration
Test: atest AndroidPackageTest
Bug: 179284822
Change-Id: I321b85b88c150f17709a2270c0cbaf368ca035cc
Update the Java framework accordingly with the underlying keystore2
changes for key migration.
Test: atest SharedUserMigrationTest#testDataMigration (in internal)
Bug: 211665859
Change-Id: I26c817dffdf2e50a43373114a63242644ee7e712
Report KeyStore/KeyMint error messages via public API.
This lets developers find out:
* Whether an error is transient or not.
* Whether a failure is due to a system error
(system configuration/state/capabilities), or a key-related error.
* Whether user authentication is required to use the key.
Test: atest CtsKeystorePerformanceTestCases CtsKeystoreTestCases
Bug: 197890905
Change-Id: I776d9e9cc01a9dc3542a63000ee0709847760963
The default value for canUnlockViaBiometrics, which determines if we
are able to show a bio prompt, is true. However, if there are 0
biometric authenticator IDs, then it's impossible for the user to
satisfy a bio prompt. In this case, we should set canUnlockViaBiometrics
to false.
The loop that is normally expected to invert canUnlockViaBiometrics was
never run in the case of 0 bio authenticator ids, so we mistakenly
let the crypto init operation succeed when we should have blocked it.
Bug: 188864794
Test: Manual, using sample app that displays a biometric prompt.
Change-Id: Ib95b0564aa098157718b8d4a45b11baa69dad71b
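
The fail-open pattern described in the commit message above, as an added example that is not the framework's code. The class name, method names, the loop condition and the sample IDs are assumptions made for illustration.

```java
import java.util.Arrays;

public class BiometricGateDemo {
    // Flawed shape: the flag starts permissive and only the loop can clear it.
    // The loop condition is an assumption made for this example.
    static boolean canUnlockFlawed(long[] enrolledBioIds, long[] keyAuthIds) {
        boolean canUnlockViaBiometrics = true;
        for (long id : enrolledBioIds) {
            if (!contains(keyAuthIds, id)) {
                canUnlockViaBiometrics = false;
                break;
            }
        }
        // With zero enrolled IDs the loop body never runs and the default survives.
        return canUnlockViaBiometrics;
    }

    // Corrected shape: no biometric authenticator IDs means no prompt can be
    // satisfied, so the empty case is denied before the loop is consulted.
    static boolean canUnlockFixed(long[] enrolledBioIds, long[] keyAuthIds) {
        if (enrolledBioIds.length == 0) {
            return false;
        }
        return canUnlockFlawed(enrolledBioIds, keyAuthIds);
    }

    static boolean contains(long[] haystack, long needle) {
        return Arrays.stream(haystack).anyMatch(v -> v == needle);
    }

    public static void main(String[] args) {
        long[] keyAuthIds = {0x1001L, 0x2002L}; // constructed sample IDs
        long[] noneEnrolled = {};
        long[] oneEnrolled = {0x2002L};

        System.out.println("flawed, 0 ids: " + canUnlockFlawed(noneEnrolled, keyAuthIds));
        System.out.println("fixed,  0 ids: " + canUnlockFixed(noneEnrolled, keyAuthIds));
        System.out.println("fixed,  1 id:  " + canUnlockFixed(oneEnrolled, keyAuthIds));
    }
}
```
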
This fixes the contract between equals and hashCode in
AndroidKeystorePublicKey. The previous fix made only a reference
comparison between certificate blobs. In this patch java.util.Arrays is
used to compare and compute the hash of the array.
Bug: 196118021
Test: See following CL.
Change-Id: I2b8b7e740fb377de39fd21f763e15cb00024b2fc
Fix a NullPointerException when trying to insert a SecretKey that already
exists.
Bug: 202146009
Test: atest android.keystore.cts.AndroidKeyStoreTest#testKeyStore_SetKeyEntry_ReplacedWithSameGeneratedSecretKey
Change-Id: If3a4bd6677ab3173c5c1a7c921ba567b7981662b
The code was doing a reference compare, not object value comparison,
resulting in failures in the KeyStore setEntry API.
Test: CtsKeystoreTestCases:android.keystore.cts.AndroidKeyStoreTest
Fixes: 197138784
Change-Id: I2c5e47283eed5694951869e9ea3853364ddef9d1
Callbacks on ServiceConnection happen on the main UI thread for an
application. Since the thread that calls bindService then immediately
blocks to wait for the service to be connected, this will cause a
deadlock if key operations are happening on the main UI thread.
This bug has likely not been detected yet since key operations are not
supposed to be performed on the main UI thread; however, it was uncovered
in a similar application during other testing. This fix ensures the
ServiceConnection object's callbacks will be triggered from a separate
thread from the calling thread.
Bug: 196571032
Test: Apps that run key operations on the UI thread don't hang.
Change-Id: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
Merged-In: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
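
The deadlock described in the commit message above, reproduced in plain Java as an added example that is not the framework's code. A single-threaded executor stands in for the main UI thread, the bind is simulated, all names are hypothetical, and the wait uses a timeout so the demo terminates where the real wait would hang.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

public class BindLatchDemo {
    // Runs a "bind, then block until connected" sequence on callerThread.
    // The connection callback is delivered through callbackExecutor.
    static boolean bindAndWait(ExecutorService callerThread, Executor callbackExecutor)
            throws Exception {
        Future<Boolean> connectedInTime = callerThread.submit(() -> {
            CountDownLatch connected = new CountDownLatch(1);
            // Simulated asynchronous bind: the "onServiceConnected" callback
            // is queued on callbackExecutor and releases the latch when it runs.
            callbackExecutor.execute(connected::countDown);
            // Bounded wait for the demo; an unbounded await() here never returns
            // when the callback is queued behind this very task.
            return connected.await(500, TimeUnit.MILLISECONDS);
        });
        return connectedInTime.get();
    }

    public static void main(String[] args) throws Exception {
        ExecutorService mainThread = Executors.newSingleThreadExecutor();
        ExecutorService callbackThread = Executors.newSingleThreadExecutor();

        // Callback queued on the same thread that is blocked waiting for it.
        System.out.println("callbacks on calling thread:  "
                + bindAndWait(mainThread, mainThread));
        // Callback delivered from a separate thread, as the fix arranges.
        System.out.println("callbacks on separate thread: "
                + bindAndWait(mainThread, callbackThread));

        mainThread.shutdown();
        callbackThread.shutdown();
    }
}
```
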
This fixes the contract between equals and hashCode in
AndroidKeystoreKey and AndroidKeystorePublicKey.
Bug: 196118021
Test: N/A
Change-Id: I3f7e6d72d53c7051c13daeb5aa6ce1abf4eb0cc5
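
The equals/hashCode commits above (reference comparison of certificate blobs, then java.util.Arrays) describe the difference shown in this added example, which is not the framework's code. Both classes and the sample bytes are hypothetical stand-ins for a key object that carries a certificate blob.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class CertBlobEqualityDemo {
    // Compares the certificate blob by reference: two objects built from
    // identical bytes held in different arrays are never equal.
    static final class RefCompareKey {
        final String alias;
        final byte[] cert;
        RefCompareKey(String alias, byte[] cert) { this.alias = alias; this.cert = cert; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof RefCompareKey)) return false;
            RefCompareKey k = (RefCompareKey) o;
            return alias.equals(k.alias) && cert == k.cert;
        }
        // byte[].hashCode() is an identity hash, so it differs per array instance.
        @Override public int hashCode() { return 31 * alias.hashCode() + cert.hashCode(); }
    }

    // Compares and hashes the blob contents, keeping equals and hashCode consistent.
    static final class ValueCompareKey {
        final String alias;
        final byte[] cert;
        ValueCompareKey(String alias, byte[] cert) { this.alias = alias; this.cert = cert; }
        @Override public boolean equals(Object o) {
            if (!(o instanceof ValueCompareKey)) return false;
            ValueCompareKey k = (ValueCompareKey) o;
            return alias.equals(k.alias) && Arrays.equals(cert, k.cert);
        }
        @Override public int hashCode() { return 31 * alias.hashCode() + Arrays.hashCode(cert); }
    }

    public static void main(String[] args) {
        byte[] blob = {0x30, (byte) 0x82, 0x01, 0x0a}; // constructed sample bytes
        byte[] sameBytes = blob.clone();               // equal content, different array

        Set<Object> stored = new HashSet<>();
        stored.add(new RefCompareKey("alias1", blob));
        stored.add(new ValueCompareKey("alias1", blob));

        System.out.println("reference compare finds stored key: "
                + stored.contains(new RefCompareKey("alias1", sameBytes)));
        System.out.println("value compare finds stored key:     "
                + stored.contains(new ValueCompareKey("alias1", sameBytes)));
    }
}
```
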
The KeyMint spec requires the specification of the EC_CURVE tag when
generating an EC key. This patch adds the correct curve tag parameter to
the parameter list.
Test: CtsVerifier Protected confirmation test.
Bug: 192908276
Merged-In: I2e7dd4868abda85d244e73592ff12d688f5c21fc
Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
The KeyMint spec requires the specification of the EC_CURVE tag when
generating an EC key. This patch adds the correct curve tag parameter to
the parameter list.
Test: CtsVerifier Protected confirmation test.
Bug: 192908276
Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
This file was written on the assumption that bindService was
synchronous, which it isn't. This change adds a CountDownLatch to force
the class to wait for the binding to finish. If the relevant key
generation service is not present on the system, then this
functionality will just silently be skipped over.
Bug: 190222116
Test: atest RemoteProvisionerUnitTests
Change-Id: Ie34997a08aa743642c66a20c4b756cd47bff4af1
Merged-In: Ie34997a08aa743642c66a20c4b756cd47bff4af1
This reverts commit d05498b9d8d30ca69eaafe920c5915ee472058eb.
Reason for revert: Bugged on non-RKP systems.
Bug: 190222116
Change-Id: Ie7d17d4251c381c1bae6a76cd9b0246c551f8042