Mirror KeyProtection.setCriticalToDeviceEncryption so
the flag can also be set on keys generated by keystore.
Bug: 72178550
Test: atest android.security.keystore.KeyGenParameterSpecTest
Test: atest android.security.ParcelableKeyGenParameterSpecTest
Change-Id: I7f102c82e60f211028c694d499ffd2838b89bb2b
Existing annotations in libcore/ and frameworks/ will deleted after the migration. This also means that any java library that compiles @UnsupportedAppUsage requires a direct dependency on "unsupportedappusage" java_library.
Bug: 145132366
Test: m && diff unsupportedappusage_index.csv
Change-Id: I4bc8c9482e4bb1af21363f951affff7ee3fefeab
Platform VPN profiles keyed by apps must use a different key prefix to
prevent the Settings app from seeing them (and thus exposing potentially
sensitive credential information). Thus, the profiles will be
partitioned as follows:
Custom (Settings-app) based profiles continues using VPN_* prefix
App provisioned profiles will use the new PLATFORM_VPN_* prefix
Bug: 144245359
Test: Compiles, FrameworksNetTests passing
Change-Id: If8762e468c6cbbeb80738f14b066ebbad5cc665f
Properly define the constant for requesting the use of device individual
attestation certificate and use it in AttestationUtils.
This lets callers to DevicePolicyManager.generateKeyPair request the use
of device-unique attestation certificate, on Keymaster implementations
that support this.
Bug: 140193672
Bug: 136494773
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I74de89e4c121a27b0495dcb99b0775445c3d4eaf
Only send updates when a configurable threshold is met.
For some scenarios this results in a significant performance
improvement. Specifically sign operations should be 10-40% faster.
Bug: 139891753
Test: atest CtsKeystoreTestCases
Change-Id: I233679d4f8582eeaaa6f21e3102cce08110f0482
This additional input will be unused for now, but future changes are
expected to utilize it.
Test: Keystore CTS Tests
Change-Id: I5c388032e3710e3825bdb06b26443a5ae2c034a3
BlockingQueue does not accept null values, change to CountDownLatch for
synchronization.
Bug: 144477553
Test: Enable multiple managed profiles, and run
`atest UserLifecycleTests#managedProfileStopped`
Change-Id: I1a003568896ce7983a5ac14a710944d914c86bac
Two @SystemApi's being added to allow wifi mainline module to access
formal API's:
a) KeyGenParameterSpec.Builder.setUid() to allow wifi to create/store keys
with WIFI_UID.
b) AndroidKeyStoreProvider.getKeyStoreForUid() to allow wifi to get/put
any keys stored with WIFI_UID.
Both of these API's are already permission protected in the lower
layers. There is a map of euid's stored in the native keystore which
limits which uid is allowed to access which other uid's data.
Bug: 142089671
Test: make system-api-stubs-docs-update-current-api
Change-Id: I39b92d2293bcdc26bb0a4a48a1d1e4cc0b20ad0b
In order to keep conformity across the ecosystem, keystore will enforce
that HMAC key sizes coming in through the framework must be limited to
the range of 64-512 bits, inclusive. This will be the case for both TEE
and StrongBox Keymaster implementations.
Bug: 143404829
Test: atest CtsKeystoreTestCases
Change-Id: I2ea867392060f4478b5a01bd747a4345e1fded4c
This api call is not accessible from the java API and is intended to be
deprecated. This CL cleans up the potential to directly call into binder
and use this functionality.
Also cleans up imports to appease the repo hooks
Test: Android builds
Change-Id: I95b27a001a6d6ba6c7d1f952bdda456a78b7f99c
TrustManagerService holds the ground truth about whether a user is
locked or not, so update keystore using the information there,
instead of doing it from KeyguardStateMonitor. This fixes the issue
of work profile locked state not being correctly pushed to keystore.
Note: since this change is likely to be backported as a security
patch, I'm refraining from doing major refactoring right now.
Bug: 141329041
Test: manually with KeyPairSampleApp
Change-Id: I3472ece73d573a775345ebcceeeb2cc460374c9b
This is part of the changes to improve the UX and language for installing certificates.
Previously, the different types of certificate used the same installation flow. This CL
introduces a new settings page, where the type of certificate to be installed can be selected.
Bug: 139173976
Test: Atest com.android.settings.security
manual testing from Settings by selecting the certificate type
preference and ensuring the installation flow still worked as expected.
Change-Id: I6e0606b00c5f684571ffbd903b9cf55c6911fd0f
Binding to keychain can fail, for example when the target user
is being removed. Handle this case gracefully and do not block
the system server.
Bug: 139554671
Test: none
Change-Id: Ib68c873e367428b82f3cb2a81cafe1a59776336c
Add KEY_ALIAS_SELECTION_DENIED contant to flag that no private key alias has
been chosen in onChoosePrivateKeyAlias, but no KeyChainActivity selection dialog
should be presented to the user.
Bug: 136649900
Test: run cts --test MixedManagedProfileOwnerTest#testDelegationCertSelection
Change-Id: I9aeea7be0c2a6172ca054f91d49183c843ecfa6e
Introduce a new API to request use of individual attestation
certificate for attesting keys generated by the
DevicePolicyManager.generateKeyPair method.
It builds on existing device ID attestation capabilities in two ways:
(1) Eligibility check: Assuming similar privacy requirements for the use
of individual attestation certificates, enforce the same conditions
for using them as the conditions for requesting device identifiers
in the attestation record.
(2) Keymaster interaction: Passing the right Keymaster tag to the
attestKey call, which is easily done in AttestationUtils.
Bug: 136494773
Test: CTS test to be added.
Change-Id: Idb5cee66d986a521c17e1955532d0bfae66c035d
Unify the manual certificate installation flow (via "Install from
storage" in the Settings app) with the programmatic one (using
DevicePolicyManager.installKeyPair).
The unification is achieved by extending the KeyChainService API to take
in the UID for which the key is designated (so WiFi keys can be
installed with the unified flow), and making the CredentialStorage
activity call the KeyChainService rather than poke into Keystore
directly.
Framework-related changes to support this:
* Add new constant for specifying the key alias as an extra to the
install activity, and remove obsolete constants from the Credentials
class.
* Make KeyChainService definition include key destination UID.
* Make the call to KeyChainService.installKeyPair from the
DevicePolicyManagerService specify the "self" UID.
Test: Manual CtsVerifier tests: KeyChain Storage Test, CA Cert Notification Test
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Bug: 138375478
Change-Id: Ib317f85fa6719c70ee3b1da4255c44754fbfa789
Make AttestedKeyPair c'tor accept a List<Certificate> rather than
Certificate[] to match the getter method on this class.
To make it easier to use this class from other framework code I've
re-instantiated the c'tor with a certificate array which will
convert the array to a list.
Bug: 139092002
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: Ie80dcb28f112efa89d3cc6fdceb1b9e5e26c58b1
Make the constructor for AttestedKeyPair public so instances of it can
be created for testing.
Bug: 138409426
Test: That it compiles
Change-Id: Iab8fbf1ad2293a91347701eb67631a8f3a3bd3fa
There's a long-standing bug (since ~Marshmallow) that causes
AndroidKeyStore to truncate large (>64 KiB) blocks of data. This can
be avoided by callers by processing data in smaller chunks, and
smaller chunks are more memory-efficient while not being much (if any)
more time-efficient. But, Keystore should handle large blocks
correctly. This CL adds a test to all block cipher tests that
attempts to encrypt and then decrypt a 100 KiB block.
Bug: 123391046
Test: CtsKeystoreTestCases
Change-Id: I0c0286fd5360d4fe62cbd8130aa0c17f97318801
Since keystore accepts asynchronous requests it may be that apps wait
forever if keystore dies. This patch adds a death recipient to all
keystore promises so that Keystore.java gets notified when keystore
dies.
Test: atest android.keystore.cts
Bug: 111443219
Bug: 128991260
Change-Id: Ie6e4a4f371287f83a2cdf4069d5686c67d8aebc1
This is useful when the caught exceptions are not informative and they
act as a red herring in the adb logs.
Bug:109791294
Test: call this method in the VpnSettings and manually navigate to
adding a new VPN by searching for VPN in settings and then pressing '+'.
Change-Id: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
Merged-In: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
If a certificate is self signed, then currently KeyStore will still
attempt to find the CA certificate. When it obviously fails to find it,
a key not found exception is propagated up and thrown. This CL
suppresses that exception, as it seems to exclusively be thrown in this
condition, which is WAI. Having the stack trace show up can be very
misleading to developers.
Test: atest cts/tests/tests/keystore/src/android/keystore/cts
Change-Id: I192f54d3d8355c183e830ab09314932e8800f7ed
