Surface the service-specific error message. To avoid API changes, the
error message is surfaced in the toString / getMessage methods.
Test: atest android.security.keystore.KeyStoreExceptionTest
Bug: 217593122
Change-Id: Id4090564b46db9b3b10ea390390f6683f7314463
getUniqueAliases may return a null if an error occurred. This would lead
to a NPE in engineAliases.
This patch makes getUniqueAliases return an empty HashSet instead.
Test: atest KeystoreTests
Change-Id: I387d90ea851a8b9c18bb2b20d1a0bfc1ab76c99f
Mirror KeyProtection.setCriticalToDeviceEncryption so
the flag can also be set on keys generated by keystore.
Bug: 72178550
Test: atest android.security.keystore.KeyGenParameterSpecTest
Test: atest android.security.ParcelableKeyGenParameterSpecTest
Change-Id: I7f102c82e60f211028c694d499ffd2838b89bb2b
Files failing automerge from AOSP.
See build/soong/README.md for more information.
Bug: 122332340
Test: treehugger
Change-Id: I92f7584aeaf502336f67e04fbc22634784c9305d
Add the Android Enterprise Security team as OWNERS for KeyChain and
KeyChain-related code.
The KeyChain code currently lives under keystore/, which means every
change requires Keystore owners approval, but it does not make sense for
KeyChain as KeyChain is a Keystore client and is developed
independently.
Test: Gerritt upload.
Bug: 33166666
Change-Id: Idfedda9553add303439179ce10a1e75e437bbe83
Due to an oversight, some of the key generation parameters that are set
in KeyGenParameterSpec were not preserved when parceling the object
(they should have been added to ParcelableKeyGenParameterSpec but were
not).
This means these parameters will be ignored when generating keys using
the DevicePolicyManager.generateKeyPair method, leading to an
inconsistent key generation behaviour between the DevicePolicyManager
and KeyStore.
In particular, this would prevent callers from using StrongBox when
generating keys for use in the KeyChain.
Fix the issue by simply persisting these parameters in
ParcelableKeyGenParameterSpec and making sure that the Builder copies
them too from the source KeyGenParameterSpec.
Left to do is put in place an automated measure to find out
discrepancies between the two classes.
Bug: 110915980
Bug: 110882855
Bug: 109953656
Test: atest KeystoreTests
Change-Id: Ic64bd2921b6dfc97ea34ecba55f532312963ffcb
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: I4233b9091d9066c4fa69f3d24aaf367ea500f760
If the KeyGenParameterSpec passed into
DevicePolicyManager.generateKeyPair contains an attestation challenge,
request an attestation record for the newly-generated key with the
challenge provided.
This particular implementation was chosen, rather than letting the
attestation record be generated at the same time as key generation, to
avoid having the attestation chain stored in Keystore and associated
with the generated alias.
The rationale is that this is a key that is potentially accessible by
multiple applications and the attestation chain may end up being sent
as a TLS client certificate chain, for example.
As the attestation challenge should be unique per device, to avoid
the potential of sending / sharing unique device information, by
explicitly requesting an attestation record after key generation, the
attestation record is only returned to the generateKeyPair client and
not persistend in Keystore.
Bug: 63388672
Test: New CTS test to be run with: 'cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG'
Change-Id: I95a9aef179173b571b533301ac438c675e8fe702
Statically including legacy-android-test leads to duplicate classes
which causes build time problems (with Proguard) and runtime problems on
older SDK versions. This change:
* Stops statically including legacy-android-test.
* Adds compile time dependencies on andoid.test.base, android.test.mock
and android.test.runner where necessary.
* Adds <uses-library android:name="android.test.runner"/> to any
affected package to ensure that the classes that were included by
legacy-android-test are still available at runtime. That also adds a
dependency on android.test.base and android.test.mock.
The following change descriptions were generated automatically and so
may be a little repetitive. They are provided to give the reviewer
enough information to check the comments match what has actually been
changed and check the reasoning behind the changes.
* apct-tests/perftests/core/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CorePerfTests results
in duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CorePerfTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
* core/tests/ConnectivityManagerTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
ConnectivityManagerTest's source depends on its classes and because
of these changes they are no longer present on the compilation
path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ConnectivityManagerTest
results in duplicate classes which leads to build time and compile
time issues.
* core/tests/bandwidthtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
BandwidthTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in BandwidthTests results
in duplicate classes which leads to build time and compile time
issues.
* core/tests/bluetoothtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
BluetoothTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in BluetoothTests results
in duplicate classes which leads to build time and compile time
issues.
* core/tests/hosttests/test-apps/DownloadManagerTestApp/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in DownloadManagerTestApp
results in duplicate classes which leads to build time and compile
time issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
DownloadManagerTestApp's source depends on its classes and because
of these changes they are no longer present on the compilation
path.
* core/tests/hosttests/test-apps/ExternalSharedPerms/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsTestApp results in duplicate classes which leads
to build time and compile time issues.
* core/tests/hosttests/test-apps/ExternalSharedPermsBT/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsBTTestApp results in duplicate classes which
leads to build time and compile time issues.
* core/tests/hosttests/test-apps/ExternalSharedPermsDiffKey/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsDiffKeyTestApp results in duplicate classes
which leads to build time and compile time issues.
* core/tests/hosttests/test-apps/ExternalSharedPermsFL/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
ExternalSharedPermsFLTestApp results in duplicate classes which
leads to build time and compile time issues.
* core/tests/notificationtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
NotificationStressTests's source depends on its classes and because
of these changes they are no longer present on the compilation
path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in NotificationStressTests
results in duplicate classes which leads to build time and compile
time issues.
* keystore/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in KeystoreTests results
in duplicate classes which leads to build time and compile time
issues.
* media/mca/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CameraEffectsTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CameraEffectsTests
results in duplicate classes which leads to build time and compile
time issues.
* media/tests/MediaFrameworkTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
mediaframeworktest's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in mediaframeworktest
results in duplicate classes which leads to build time and compile
time issues.
* nfc-extras/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in NfcExtrasTests results
in duplicate classes which leads to build time and compile time
issues.
* packages/CarrierDefaultApp/tests/unit/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CarrierDefaultAppUnitTests's source depends on its classes and
because of these changes they are no longer present on the
compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
CarrierDefaultAppUnitTests results in duplicate classes which leads
to build time and compile time issues.
* packages/ExtServices/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
ExtServicesUnitTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ExtServicesUnitTests
results in duplicate classes which leads to build time and compile
time issues.
* packages/MtpDocumentsProvider/tests/Android.mk
Added 'android.test.base' and 'android.test.mock' to
LOCAL_JAVA_LIBRARIES because MtpDocumentsProviderTests's source
depends on their classes and because of these changes they are no
longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
MtpDocumentsProviderTests results in duplicate classes which leads
to build time and compile time issues.
* packages/SettingsLib/tests/integ/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
SettingsLibTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SettingsLibTests
results in duplicate classes which leads to build time and compile
time issues.
* packages/SettingsProvider/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SettingsProvider
results in duplicate classes which leads to build time and compile
time issues.
* packages/SettingsProvider/AndroidManifest.xml
Add uses-library for android.test.runner because otherwise this
change would change the set of files available to SettingsProvider
at runtime.
* packages/Shell/tests/Android.mk
Added 'android.test.base' and 'android.test.mock' to
LOCAL_JAVA_LIBRARIES because ShellTests's source depends on their
classes and because of these changes they are no longer present on
the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ShellTests results in
duplicate classes which leads to build time and compile time
issues.
* packages/SystemUI/shared/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SystemUISharedLibTests
results in duplicate classes which leads to build time and compile
time issues.
* packages/SystemUI/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SystemUITests results
in duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
SystemUITests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
* packages/WAPPushManager/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
WAPPushManagerTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in WAPPushManagerTests
results in duplicate classes which leads to build time and compile
time issues.
* sax/tests/saxtests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
FrameworksSaxTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in FrameworksSaxTests
results in duplicate classes which leads to build time and compile
time issues.
* tests/BrowserPowerTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
BrowserPowerTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in BrowserPowerTests
results in duplicate classes which leads to build time and compile
time issues.
* tests/CanvasCompare/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CanvasCompare's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CanvasCompare results
in duplicate classes which leads to build time and compile time
issues.
* tests/CoreTests/android/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
CoreTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in CoreTests results in
duplicate classes which leads to build time and compile time
issues.
* tests/DataIdleTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
DataIdleTest's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in DataIdleTest results in
duplicate classes which leads to build time and compile time
issues.
* tests/FrameworkPerf/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
FrameworkPerf's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in FrameworkPerf results
in duplicate classes which leads to build time and compile time
issues.
* tests/HierarchyViewerTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
HierarchyViewerTest's source depends on its classes and because of
these changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in HierarchyViewerTest
results in duplicate classes which leads to build time and compile
time issues.
* tests/ImfTest/tests/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
ImfTestTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in ImfTestTests results in
duplicate classes which leads to build time and compile time
issues.
* tests/Internal/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in InternalTests results
in duplicate classes which leads to build time and compile time
issues.
* tests/MemoryUsage/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
MemoryUsage's source depends on its classes and because of these
changes they are no longer present on the compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in MemoryUsage results in
duplicate classes which leads to build time and compile time
issues.
* tests/NetworkSecurityConfigTest/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
NetworkSecurityConfigTests's source depends on its classes and
because of these changes they are no longer present on the
compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
NetworkSecurityConfigTests results in duplicate classes which leads
to build time and compile time issues.
* tests/SoundTriggerTests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SoundTriggerTests
results in duplicate classes which leads to build time and compile
time issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
SoundTriggerTests's source depends on its classes and because of
these changes they are no longer present on the compilation path.
* tests/SurfaceComposition/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in SurfaceComposition
results in duplicate classes which leads to build time and compile
time issues.
Added 'android.test.runner.stubs' to LOCAL_JAVA_LIBRARIES because
SurfaceComposition's source depends on its classes and because of
these changes they are no longer present on the compilation path.
* tests/TtsTests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in TtsTests results in
duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
TtsTests's source depends on its classes and because of these
changes they are no longer present on the compilation path.
* tests/WindowAnimationJank/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in WindowAnimationJank
results in duplicate classes which leads to build time and compile
time issues.
* tests/permission/Android.mk
Added 'android.test.base' to LOCAL_JAVA_LIBRARIES because
FrameworkPermissionTests's source depends on its classes and
because of these changes they are no longer present on the
compilation path.
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in
FrameworkPermissionTests results in duplicate classes which leads
to build time and compile time issues.
* tests/testables/tests/Android.mk
Removed legacy-android-test from LOCAL_STATIC_JAVA_LIBRARIES
because statically including the classes in TestablesTests results
in duplicate classes which leads to build time and compile time
issues.
Added 'android.test.base' and 'android.test.mock' to
LOCAL_JAVA_LIBRARIES because TestablesTests's source depends on
their classes and because of these changes they are no longer
present on the compilation path.
Bug: 30188076
Test: make checkbuild
Change-Id: Iacfc939c97415314366ed61c5f3b7aa1a40f0ec9
This is the crux of the Verified Access feature implementation:
Adding the ability to generate KeyChain keys directly by the
secure hardware, rather than installing software-generated keys
into KeyChain.
Add generateKeyPair to the DevicePolicyManager, which delegates key
generation (via the DevicePolicyManagerService) to the KeyChainService.
Design highlights:
* The key generation is delegated via the DevicePolicyManagerService to
check that only authorized callers request key generation in KeyChain.
* KeyChainService performs the actual key generation so it owns the key
in Keystore outright.
* DevicePolicyManagerService then grants the calling app access to the
Keystore key, so it can actually be used.
* Loading the public/private key pair, as well as attestation
certificate chain, is done in the client code (DevicePolicyManager)
to save parceling / unparceling those objects across process
boundaries twice (for no good reason).
NOTE: The key attestation functionality (that includes Device ID) is
missing/untested. Will be added in a follow-up CL as this one is quite
big already.
HIGHLIGHT FOR REVIEWERS:
* API: New API in DevicePolicyManager.
Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG; adb shell am instrument 'android.security.tests/android.support.test.runner.AndroidJUnitRunner' (After building the KeystoreTests target and installing the apk)
Change-Id: I73762c9123f32a94d454ba4f8b533883b55c44cc
These depended on internal implementation details of Conscrypt that are
changing. Delete these tests since they're not included in builds any
more.
Test: make checkbuild
Change-Id: I6ddf832c30bcf49e940c55aa81534c3d987393fb
In preparation for removing junit classes from the Android API
the legacy-test target will be removed from the
TARGET_DEFAULT_JAVA_LIBRARIES. This change adds explicit
dependencies on junit and/or legacy-android-test to ensure that
modules will compile properly once it is removed.
(cherry picked from 6387604f9e672ece85e07c4bcbd7be396867f06f)
Bug: 30188076
Test: make checkbuild
Merged-In: I13e88297731253420e4e5f5291d503f13a39a156
Change-Id: I58446eb8c45d8ac2bcdbc9fa40d1321e811bdd4b
This is meant for exposing the pre-existing cross-UID access to keys
backed by the keystore service via higher-level JCA API. For example,
this lets system_server use Wi-Fi or VPN UID keys via JCA API.
To obtain a JCA AndroidKeyStore KeyStore for another UID, use the
hidden system API AndroidKeyStoreProvider.getKeyStoreForUid(uid).
To generate a key owned by another UID, invoke setUid(uid) on
KeyGenParameterSpec.Builder.
This CL does not change the security policy, such as which UID can
access/modify which UIDs' keys. The policy is that only certain system
UIDs are permitted to access keys of certain other system UIDs.
Bug: 23978113
Change-Id: Ie381530f41dc41c50d52f675fb9e68bc87c006de
This CL ensures that Android Keystore framework code complies with
signedness of keymaster tags. In particular:
* INT tags are unsigned 32-bit numbers, and
* LONG and DATE tags are unsigned 64-bit numbers.
The ensure compliance, KeymasterArguments and KeyCharacteristics
classes through which Android Keystore interacts with Keymaster tags
have been modified as follows:
* ENUM and INT tags which used to be conflated are now added/queried
via separate methods, because ENUM can remain represented as an int
data type whereas INT is now represented as a long data type with
permitted range being [0; 2^32).
* Methods for adding/quering LONG tags have been switched from the long
data type to the BigInteger data type and now ensure that the value
is in the permitted [0; 2^63).
* Methods for adding/querying DATE tags now ensure the Date value is
in the permitted range [0; 2^63) ms since Unix epoch.
* Methods for adding tags throw an IllegalArgumentException if the tag
type is unsuitable for the method. This is to ensure that tags with
invalid values cannot be added through similar methods (e.g., INT tag
added via an ENUM tag addition method invoked with a negative value).
Bug: 22008538
Change-Id: I6eefd5cbb561cc52d27de952691af4d9d5e1af1e
This switches Android Keystore asymmetric keys from being backed by
Conscrypt (via keystore-engine which is an OpenSSL/BoringSSL ENGINE
which talks to keystore via the old KeyStore API) to being backed by
the AndroidKeyStore Provider which talks to keystore via the new
KeyStore API. In effect, this switches asymmetric crypto offered by
Android Keystore from old Keystore API to new KeyStore API, enabling
all the new features such as enforcement of authorizations on key use.
Some algorithms offered by Android Keystore, such as RSA with OAEP
or PSS padding schemes, are not supported by other providers. This
complicates matters because Android Keystore only supports public key
operations if the corresponding private key is in the keystore. Thus,
Android Keystore can only offer these operations for its own public
keys only. This requires AndroidKeyStore to use its own subclasses of
PublicKey everywhere. The ugliest place is where it needs to return
its own subclass of X509Certificate only to be able to return its
own subclass of PublicKey from Certificate.getPublicKey().
Bug: 18088752
Bug: 19284418
Bug: 20912868
Change-Id: Id234f9ab9ff72d353ca1ff66768bd3d46da50d64
Output parameters are gone from begin, instead they will returned in the
OperationResult and begin, update, and finish may return output
parameters.
Change-Id: I072afeb6c65f6c512b40603824c25686ac44e7c8
begin now returns OP_AUTH_REQUIRED for per operations with per op
authorization instead of NO_ERROR.
(cherry-picked from commit b0addbaaf22b14200db602c41a5bd86847bdc0a9)
Change-Id: I1f472125f46155833e03ab30bf18363ff51b2c58
This moves the non-public API classes backing Android Keystore from
android.security to android.security.keystore, a package specially
created for Android Keystore.
Bug: 18088752
Change-Id: Ibf04d6a26c54d310b0501fc5e34f37b1176324ad
This CL addresses the comments from API Council about Android KeyStore
KeyPairGeneratorSpec, KeyGeneratorSpec and KeyStoreParameter:
1. These abstractions should not take or hold references to Context.
2. The Builders of these abstractions should take all mandatory
parameters in their constructors rather than expose them as
setters -- only optional paratemers should be exposed via setters.
These comments cannot be addressed without deprecation in the already
launched KeyPairGeneratorSpec and KeyStoreParameter. Instead of
deprecating just the getContext methods and Builder constructors, this
CL goes for the nuclear option of deprecating KeyPairGeneratorSpec and
KeyStoreParameter as a whole and exposing all of the AndroidKeyStore
API in the new package android.security.keystore. This enables this CL
to correct all of the accrued design issues with KeyPairGeneratorSpec
(e.g., naming of certificate-related methods) and KeyStoreParameter.
This also makes the transition to API Level M more clear for existing
users of the AndroidKeyStore API. These users will only have to deal
with the new always-mandatory parameters (e.g., purposes) and
sometimes-mandatory (e.g., digests, block modes, paddings) if they
switch to the new API. Prior to this CL they would've had to deal with
this if they invoked any of the new methods of KeyPairGeneratorSpec
or KeyStoreParameter introduced in API Level M.
This CL rips out all the new API introduced into KeyPairGeneratorSpec
and KeyStoreParameter classes for Android M, thus reverting these
classes to the API launched in L MR1. This is because the new API is
now in android.security.keystore.KeyGenParameterSpec and KeyProtection
respectively.
Bug: 21039983
Change-Id: I59672b3c6ef7bc25c40aa85f1c47d9d8a05d627c
Keystore's begin operation now requires parameters which describe the
operation (e.g., algorithm, block mode, padding). This adjusts
KeyStoreTest to provide the necessary parameters.
(cherry-picked from commit c5e4d7af22793072a2620805f5e0e23bf15e7110)
Bug: 19509156
Change-Id: Ibc665fbc893766a683a4aadc97a64ffdf2d0d85f
Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.
Bug: 20521989
Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
This removes the need to specify the three parameters of the
self-signed certificate (serial number, subject, validity range) when
generating key pairs in AndroidKeyStore. This is achieved by
providing sensible defaults for these parameters:
* serial number: 1
* subject: CN=fake
* validity range: Jan 1 1970 to Jan 1 2048.
Bug: 18088752
Change-Id: I5df918b1ef8b26ed3ddd43828c4c78c9fa58cd43
Now that auth token checks are in keystore keys without any auth tags
are invalid.
Also adds a test to check that a key with auth required fails when none
is present.
Change-Id: I0d5d44d70a849978e9b2e809675b8343c6650ff2
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
AES and HmacSHA256 symmetric keys can now be imported into
AndroidKeyStore. These keys cannot yet be used.
Bug: 18088752
Change-Id: Iad2fd49d15ac4c2d676abe1153f5b5f0b6ff496c
Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
The test is sending too much data to be signed, which should actually
fail, and does on Volantis. Apparently the other keymaster implementors
do something to pass it, because shamu and hammerhead pass, but the test
is wrong.
Change-Id: Ic616a551567d64f5d87d9607ceb08afa7be74f9d
