This fixes the contract between equals and hashCode in
AndroidKeystorePublicKey. The previous fix made only a reference
comparisson between certificate blobs. In this patch java.util.Arrays is
used to compare and compute the hash of the array.
Bug: 196118021
Test: See following CL.
Change-Id: I2b8b7e740fb377de39fd21f763e15cb00024b2fc
Fix a NullPointerException when trying to insert SecretKey that already
exists.
Bug: 202146009
Test: atest android.keystore.cts.AndroidKeyStoreTest#testKeyStore_SetKeyEntry_ReplacedWithSameGeneratedSecretKey
Change-Id: If3a4bd6677ab3173c5c1a7c921ba567b7981662b
The code was doing a reference compare, not object value comparison,
resulting in failures in the KeyStore setEntry API.
Test: CtsKeystoreTestCases:android.keystore.cts.AndroidKeyStoreTest
Fixes: 197138784
Change-Id: I2c5e47283eed5694951869e9ea3853364ddef9d1
Callbacks on ServiceConnection happen on the main UI thread for an
application. Since the thread that calls bindService then immediately
blocks to wait for the service to be connected, this will cause a
deadlock if key operations are happening on the main UI thread.
This bug has likely not been detected yet since key operations are not
supposed to be performed on the main UI thread, however it was uncovered
in a similar application during other testing. This fix ensures the
ServiceConnection object's callbacks will be triggered from a separate
thread from the calling thread.
Bug: 196571032
Test: Apps that run key operations on the UI thread don't hang.
Change-Id: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
Merged-In: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
This fixes the contract between equals and hashCode in
AndroidKeystoreKey and AndroidKeystorePublicKey.
Bug: 196118021
Test: N/A
Change-Id: I3f7e6d72d53c7051c13daeb5aa6ce1abf4eb0cc5
The KeyMint spec requires the specification of the EC_CURVE tag when
generating an EC key. This patch adds the correct curve tag parameter to
the parameter list.
Test: CtsVerifier Protected confirmation test.
Bug: 192908276
Merged-In: I2e7dd4868abda85d244e73592ff12d688f5c21fc
Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
The KeyMint spec requires the specification of the EC_CURVE tag when
generating an EC key. This patch adds the correct curve tag parameter to
the parameter list.
Test: CtsVerifier Protected confirmation test.
Bug: 192908276
Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
This file was written on the assumption that bindService was
synchronous, which it isn't. This change adds a CountDownLatch to force
the class to wait for the binding to finish. If the relevant key
generation service is not present on the system, then this
functionality will just silently be skipped over.
Bug: 190222116
Test: atest RemoteProvisionerUnitTests
Change-Id: Ie34997a08aa743642c66a20c4b756cd47bff4af1
Merged-In: Ie34997a08aa743642c66a20c4b756cd47bff4af1
This reverts commit d05498b9d8d30ca69eaafe920c5915ee472058eb.
Reason for revert: Bugged on non-RKP systems.
Bug: 190222116
Change-Id: Ie7d17d4251c381c1bae6a76cd9b0246c551f8042
This file was written on the assumption that bindService was
synchronous, which it isn't. This change adds a CountDownLatch to force
the class to wait for the binding to finish.
Bug: 190222116
Test: atest RemoteProvisionerUnitTests
Change-Id: I917a61da612f21f9a0f783bea5d24270d4e1db42
Previous releases explicitly check for invalid inputs. These checks
were removed with the move to keystore2 -- add them back.
Remove old prepareAttestationArguments* methods, as they are no
longer referenced.
Bug: 188741672
Test: com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: I4eeec8367ebdfad527395206ab9e89b409e02631
Merged-In: I4eeec8367ebdfad527395206ab9e89b409e02631
Previous releases explicitly check for invalid inputs. These checks
were removed with the move to keystore2 -- add them back.
Remove old prepareAttestationArguments* methods, as they are no
longer referenced.
Fixes: 188741672
Test: com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: I4eeec8367ebdfad527395206ab9e89b409e02631
This file was written on the assumption that bindService was
synchronous, which it isn't. This change adds a CountDownLatch to force
the class to wait for the binding to finish.
Bug: 190222116
Test: atest RemoteProvisionerUnitTests
Change-Id: I917a61da612f21f9a0f783bea5d24270d4e1db42
Merged-In: I917a61da612f21f9a0f783bea5d24270d4e1db42
getUniqueAliases may return a null if an error occurred. This would lead
to a NPE in engineAliases.
This patch makes getUniqueAliases return an empty HashSet instead.
Test: atest KeystoreTests
Change-Id: I387d90ea851a8b9c18bb2b20d1a0bfc1ab76c99f
Instead of always wrapping errors in a DeviceIdAttestationException,
check to see if the underlying cause was originally a
DeviceIdAttestationException. If so, unwrap the cause and just re-throw
that, preserving the original error.
Bug: 183827468
Test: GtsGmsCoreSecurityTestApp
Change-Id: Iab78ccaff91dd1de615e1d2b18f709027aecd59e
If biometric unlock is enabled, we tell keystore at lock time so that
a key can be set up in KM which unlocks UNLOCKED_DEVICE_REQUIRED keys
based on auth tokens carrying those SIDs. This also has the effect that
if there is no biometric unlock, UNLOCKED_DEVICE_REQUIRED keys have
full cryptographic protection, per NIAP requirements.
Test: aosp/1686345
Bug: 163866361
Change-Id: Ia4d01faa998c76b2b33ad3520730466ac59e6d8d
AndroidKeyStoreCipherSpiBase.engineDoFinal may get called with a null
input argument. In the case where we forward the operation to the
default provider doFinal() needs to be called instead of
doFinal(byte[], int, int).
Bug: 183913233
Test: atest android.keystore.cts.CipherTest#testEncryptsAndDecryptsUsingCipherStreams
Change-Id: Ia3afaf281be7c8e5493ac8e4155a7aa02d1d37f0
