Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
This adds more detailed class-level Javadocs (incl. examples) for the
following public API of Android KeyStore facility:
* KeyPairGeneratorSpec,
* KeyGeneratorSpec,
* KeyStoreParameter,
* KeyStoreKeySpec.
This also clarifies what encryption at rest means.
Bug: 18088752
Change-Id: I9951a528c34dea322534763b596902a2b6ac64f9
KeyGenerator.init is supposed to check whether all provided parameters
are OK. This is because KeyGenerator.generateKey cannot throw checked
exceptions. This CL makes AndroidKeyStore KeyGenerator implementation
do just that. Unfortunately, keymaster/kestore doesn't provide a way
to check whether all the parameters are OK without actually generating
a key. Thus, this KeyGenerator does its best inside init method
(before Keymaster is called), and then surfaces any remaining issues
(flagged by Keymaster/keystore) as unchecked IllegalStateException.
Bug: 18088752
Change-Id: I9a04da880dcbe26c37f41d1477e41bdc74db04c9
The Javadoc incorrectly stated that:
* 0 means authentication required for every use.
* -1 means that timeout is not specified and the key can be any time.
Bug: 18088752
Change-Id: Ie5f37e74dc207f23443527ac1725ae8a37213d75
This defines the String enum values based on JCA standard names for
key algorithm, block mode, padding schemes, and digests. This should
make it safer to interact with AndroidKeyStore code that uses JCA
strings. This was requested by API Council.
Bug: 18088752
Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
This switches to ProviderException in most places in AndroidKeyStore
primitives where checked exceptions cannot be thrown. This is to
follow JCA design.
KeyStoreKeyGeneratorSpi is not touched by this CL because there's
another CL already doing that.
Bug: 18088752
Change-Id: If7e93042f973334b9bba004f5a330f831c1e77c1
This makes AndroidKeyStore Cipher and KeyGenerator implementations mix
in additional entropy into keymaster's RNG regardless of whether they
were provided with a SecureRandom instance.
In practice, they are always provided with a SecureRandom instance.
However, to be safe, when no SecureRandom instance is provided the
code now uses a platform-default SecureRandom implementation.
Bug: 18088752
Change-Id: I85bca30d7bdc82c2a342094dcbe6044e48a63dca
This propagates the concept that 0 is an invalid crypto operation
handle to the outside of AndroidKeyStore abstraction.
Bug: 20864436
Change-Id: I1e5abb66c5d41d8fc32aac44372495a708c2b6e2
This converts KM_ERROR_CALLER_NONCE_PROHIBITED into
InvalidAlgorithmParameterSpec, as expected by the contract of JCA
Cipher.
Bug: 18088752
Change-Id: I6a01e2d7118c478b27a0d7a5a14a127de8913755
FingerprintService is a lower layer of abstraction which should
ideally be accessed only via FingerprintManager from
AndroidKeyStore.
The main issue with the switch is that it requires a reference to a
Context. This is now obtained using ActivityThread's hidden API.
Change-Id: If921e169838ee2cc5c7690b8c8d8ea95c33248aa
* MAC length is now specified as a parameters to the begin operation
instead of as a parameter at key generation/import time.
* KM_TAG_MAC_LENGTH is now in bits instead of in bytes.
Change-Id: I752fe232d11d3ac39a575a48948215d84ded8fb9
This makes symmetric Cipher and Mac implementations backed by
AndroidKeyStore succeed in their initialization when the key is
configured to require user authentication for every use. Users
of such keys should obtain an instance of Cipher or Mac, initialize
it with the key, and then authorize the operation by passing this
Cipher or Mac instance to FingerprintManager.authenticate.
Bug: 18088752
Change-Id: Ia15a1e5f8274c3623f665dae1f400ff539639ab1
Bouncy Castle JCA provider incorrectly declares that its Cipher, Mac,
Signature, and KeyAgreement implementations accept arbitrary keys (
including AndroidKeyStore keys). As a result, when a Cipher, Mac,
Signature, or KeyAgreement instance is requested from JCA without
explicitly specifying the provider (which follows best practices)
and then initialied with an AndroidKeyStore key, JCA chooses the
BouncyCastle's implementation, which in turn blows up because it
can't handle such keys.
The workaround is to install Cipher, Mac, Signature, and
KeyAgreement implementations backed by AndroidKeyStore as a
higher-priority JCA provider than the Bouncy Castle one. This is
achieved by splitting out the above implementations from
AndroidKeyStoreProvider into AndroidKeyStoreBCWorkaroundProvider
and installing the AndroidKeyStoreProvider at the usual priority
(below Bouncy Castle) and the AndroidKeyStoreBCWorkaroundProvider
at above Bouncy Castle priority.
Bug: 20691708
Change-Id: I336464f4a49bc30c6845ddc4e84b07f4105424dd
This enables users of AndroidKeyStore crypto to differentiate between
the key being unusable until the user is authenticated
(UserNotAuthenticatedException) and the key being permanently unusable
(KeyPermanentlyInvalidatedException). The latter is the case when the
secure lock screen has been disabled or reset, and, for keys that
require user authentication for every use, when a new fingerprint is
enrolled or all fingerprints are unenrolled.
NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the
NewFingerprintEnrolledException which has thus been removed. There
is no way to find out whether a key was permenently invalidated
specifically because a new fingerprint was added.
Bug: 20642549
Bug: 20526234
Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
This simplifies the AndroidKeyStore API around user authentication: no
more explicit control over which user authenticators are bound to
which keys.
User-authenticated keys with timeout are unlocked by whatever unlocks
the secure lock screen (currently, password/PIN/pattern or
fingerprint). User-authenticated keys that need authentication for
every use are unlocked by fingerprint only.
Bug: 20526234
Bug: 20642549
Change-Id: I1e5e6c988f32657d820797ad5696797477a9ebe9
OP_AUTH_NEEDED will be returned from begin when an operation needs
a per operation authentication before calling update. Note that the
begin call succeeds when this error is returned, the token and handle
are valid.
(cherry picked from commit dabe520a3e6b0d0c40adfd748483fa336c43c366)
Change-Id: I0ba4e997360843b5eb6c1db9c5fcd1c4d5a2c717
This changes the implementation of AndroidKeyStore-backed Cipher and
Mac to avoid throwing runtime exceptions during normal use. Runtime
exceptions will now be thrown only due to truly exceptional and
unrecoverable errors (e.g., keystore unreachable, or crypto primitive
not initialized).
This also changes the implementation of Cipher to cache any errors
encountered in Cipher.update until Cipher.doFinal which then throws
them as checked exceptions.
Bug: 20525947
Change-Id: I3c4ad57fe70abfbb817a79402f722a0208660727
For consistency, this also switches AndroidKeyStore's Mac init/reset
implementation to the same approach as used in Cipher.
Bug: 18088752
Change-Id: Id34caf7cfe04f2058e22d8632890f762927bb31c
NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.
Bug: 20521989
Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
When AndroidKeyStore keys require used authentication, they need to be
bound to a Keymaster's Secure User ID. This ID will be set by keystore
soon. Until then, set it from the framework level (i.e., from apps
which use AndroidKeyStore).
NOTE: Accessing gatekeeper to obtain the Secure User ID will be
blocked by SELinux policy. To test this code, disable SELinux
enforcing mode.
Bug: 18088752
Change-Id: I7a3315eb52f0fc978d14d5d0e9613f2f36c6c01e
This workaround prevents use of keys with randomized encryption
(IND-CPA). Since randomized encryption is on by default, it's better
to keep it working and break non-randomized encryption (until
Keymaster is fixed).
Bug: 18088752
Change-Id: I4b11ce72cff705be41d3e66f28b507d6ddc1da79
This tracks 59f977c6988e21b3b8aa6c83428bd6ee1a98816d due to which
AndroidKeyStore is unable to provide symmetric keys because it
assumes that the digest field is not repeating.
Bug: 18088752
Change-Id: Ie8ed01449280b7c759e81aeaf2066953b0abaf2a
