The caller to KeyChain.choosePrivateKeyAlias can restrict the set of
aliases that are displayed to the user to select from by specifying the
issuers that the associated certificates should be issued by or the key
types that these certificates should contain.
Until now this functionality was not implemented. This was mostly
affecting Chrome
(https://bugs.chromium.org/p/chromium/issues/detail?id=753756).
Support this functionality by passing the issuers and key types into the
KeyChainActivity (from KeyChain) and, prior to displaying the aliases
associated with the certificates, check if each certificate adheres to
the criteria (key type, issues) specified.
Bug: 62910781
Test: m -j RunKeyChainRoboTests
Change-Id: I75e071545699891cfbd77d4f706fc5ef35b85516
Check for brand parameter specified in config file. Implementing suggestion that was added to the original CL (ag/4791307) after it was submitted.
Bug: 69471841
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I9b257f406d5b47265db4dbf022df75865f496cdd
Some Pixel devices had a wrong brand value provisioned into keymaster.
Due to this misprovisioning those devices fail device ID attestation because it includes a check for the correct brand value.
This is now solved by re-trying Device ID attestation if we are running on a potentially misprovisioned device, allowing for the known incorrect brand value.
Bug: 69471841
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: Ia0da5478d6092c1927d26600a6893ae8ce53da51
For packages:
android.security.net.config
android.security.keystore
android.security.keymaster
android.security
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I7762dd647bede8abc9be2c538af3a3a99a25a73e
@UnsupportedAppUsage annotations are added automatically, but this does
not work when there are multiple definitions on the same line.
Test: m
Bug: 110868826
Change-Id: I2c26c136cdfa557e45cf1ee0b39dab9c17abde56
The strongbox flag was not passed to keystore by
AndroidKeyStoreKeyGeneratorSpi. As a result keys, that were supposed to
be generated in strongbox would silently be generated in TEE.
Test: There is no reliable way to test this other than instrumenting or
debugging the strongbox implementation. This was done by the
author of this patch.
Bug: 109769728
Change-Id: I8a08838440030fab7b774762c3d6af0d3b6a4ad8
When the caller attempts to generate a key via DevicePolicyManager
(using DevicePolicyManager.generateKeyPair), and specifies that
StrongBox should be used, throw the right exception indicating
StrongBox unavailability - the same one that is thrown if the same
parameters were passed to the KeyStore's key generation method.
This is achieved by catching the StrongBoxUnavailableException in
KeyChain, returning an error code indicating this particular failure
to the DevicePolicyManagerService, which then propagates it by
throwing a service-specific exception with a value indicating
StrongBox unavailability.
The DevicePolicyManager then raises StrongBoxUnavailableException.
Prior to this change the exception propagated from KeyChain would be
a generic failure so the caller would simply get a null result.
Bug: 110882855
Bug: 111183576
Bug: 111322478
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I9abe3f449b48eb5a960fafbc15c59b9b4ce7a966
Due to an oversight, some of the key generation parameters that are set
in KeyGenParameterSpec were not preserved when parceling the object
(they should have been added to ParcelableKeyGenParameterSpec but were
not).
This means these parameters will be ignored when generating keys using
the DevicePolicyManager.generateKeyPair method, leading to an
inconsistent key generation behaviour between the DevicePolicyManager
and KeyStore.
In particular, this would prevent callers from using StrongBox when
generating keys for use in the KeyChain.
Fix the issue by simply persisting these parameters in
ParcelableKeyGenParameterSpec and making sure that the Builder copies
them too from the source KeyGenParameterSpec.
Left to do is put in place an automated measure to find out
discrepancies between the two classes.
Bug: 110915980
Bug: 110882855
Bug: 109953656
Test: atest KeystoreTests
Change-Id: Ic64bd2921b6dfc97ea34ecba55f532312963ffcb
An Android-O timeframe refactor removed all use of keystore "skey"
aliases. Creating one not only partially reverses that refactor, but
it also results in a key alias which cannot be deleted in some cases,
causing AndroidKeyStoreTest failures during the second run of CTS.
Bug: 80228327
Test: CTS tests ImportWrappedKeyTest and AndroidKeyStoreTest, in that order
Change-Id: I348ba421f29cdf6c65fc98be3a25d19938d559c1
This is useful when the caught exceptions are not informative and they
act as a red herring in the adb logs.
Bug:109791294
Test: call this method in the VpnSettings and manually navigate to
adding a new VPN by searching for VPN in settings and then pressing '+'.
Change-Id: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
doclava was accidentally suppressing all these broken links
in @see tags. This CL fixes issues so we can start enfocing
checks for broken @see links.
Test: make docs
Change-Id: If7830ece85f8d1f27c991eae282230814726e115
Exempt-From-Owner-Approval: Fixing @see javadoc link issues that are currently completely broken
Improve the choosePrivateKeyAlias documentation by:
(1) removing reference to host+port when a URI is being passed in.
(2) Clearing up the language about what a DPC can do.
Test: N/A
Bug: 81522642
Change-Id: I12fbf675536ea5d843dd2eec4f0379daad764bb6
Get unwrapping params from WrappedKeyEntry
Add @hide API for StrongBox-backed imported keys (as opposed to wrapped or generated)
Enable 3DES conditionally based on a system property.
Bug: b/79986479
Bug: b/79986680
Test: CTS
Change-Id: If6beedc203337027576ecd3555d11ed2874f9768
Both the code and docstring support this, but the parameters weren't
annotated.
Test: it builds locally
Change-Id: I16beddcd74a86047ce9aaf37007d96f3e8e0d4e0
Merged-In: I16beddcd74a86047ce9aaf37007d96f3e8e0d4e0
Fix: 78868934
(cherry picked from commit b7c5eddc53c3872b661222ae30270d95cfe63b4e)
Rather than rely on getDeviceId to provide the MEID, explicitly use
getMeid to get it.
For MEID attestation to work, the right identifier needs to be passed in
for attestation by Keymaster.
AttestationUtils currently gets this identifier by calling getDeviceId.
This would only yield the MEID if the device does not have an IMEI
provisioned, which means it'll get the IMEI for devices that have both
(like Pixel 2).
According to bartfab@ that is the correct way (see b/77584730#13).
Bug: 77584730
Bug: 73284024
Test: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Change-Id: I98f6c2e2a9835bf2fd681cfb4ff74fc3984c3a8e
Add @TestApi to allow CTS tests to use that call.
Encryption and decryption are reversed in some documentation.
Test: CtsKeystoreTestCases
Bug: 77596526
Change-Id: Ifaf8b3fa0e231eef256451a2514219fff1b16699
The existing name is misleading, because it can be read as requiring
that a trusted user be present, rather than the intended meaning of
requiring trusted proof of user presence. Since this is all about
TEE/SE-based keys, the "trusted" part is implied, so the simple
"userPresenceRequired" name makes more sense.
Bug: 77151288
Test: Keystore CTS tests
Change-Id: If8b533b9f34a1875eaf35cdd1bb8f3709da9761b
The call the framework uses to get the current user ID requires the
INTERACT_ACROSS_USERS permission, which not a lot of apps will have.
Find a better way to do that.
Bug: 76430246
Test: CtsKeystoreTestCases
Change-Id: I8a0637d351fff9cfbf40e02946325f90466b68c5
• WrappedKeyEntry: add doc (based on IKeymasterDevice.hal comments)
• StrongBoxUnavailableException: add public ctors, match superclass
• SecureKeyImportUnavailableException: new first class exception
• ORIGIN_SECURELY_IMPORTED: elaborated on properties
Test: make doc & review output
Bug: b/74218267
Change-Id: Ice9adc60ede618870e57bb58ca66fd0218cd2bf7
Remove the @hide annotations so the SDP asymmetric-write functionality
is included in the public API.
Test: CtsKeystoreTestCases
Bug: 63928827
Change-Id: I8f462b0ebe4d9a7b96b48fa1672dd2ab9140c505
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit da82e2cb7193032867f86b996467bcd117545616.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: Ia162f1db81d050f64995d0360f714e79033ea8a5
Change-Id: Ia162f1db81d050f64995d0360f714e79033ea8a5
(cherry picked from d7c961ee914192e09ec10727da6d31a6b597bf51)
As KeyChain reports detailed error codes about failure to generate keys
or attestation records for them, log these detailed errors and throw an
exception if the hardware does not support Device ID attestation.
Bug: 72642093
Bug: 73448533
Test: cts-tradefed run commandAndExit cts-dev -s 127.0.0.1:50487 -a x86_64 -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG
Change-Id: Ib12efcf48c158373e1fc28cc51d67e70282d029e
This adds the API methods and values for keyguard-bound keys, but
contains none of the actual functionality.
Test: CTS tests in CtsKeystoreTestCases
Bug: 67752510
Merged-In: Iccd7dafd77258d903d11353e02ba3ab956050c40
Change-Id: Iccd7dafd77258d903d11353e02ba3ab956050c40
(cherry picked from commit fd75c7232aebc8690f004de3486b3b9a44f3e0b0)
Create an interface that encapsulates the common arguments to
AddUserAuthArgs, add that interface to KeyProtection and
KeyGenParameterSpec, and refactor AddUserAuthArgs to accept an
instance of that interface.
Test: CTS Module CtsKeystoreTestCases
Bug: 74017618
Merged-In: I591e34e5d08421ea1c022bbb6e955ee3c01eb435
Change-Id: I591e34e5d08421ea1c022bbb6e955ee3c01eb435
(cherry picked from commit df16c56fbf05908e03f3a95a8a3d981bbc2fdb91)
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: I4233b9091d9066c4fa69f3d24aaf367ea500f760
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I314b848f6971d1849a7a6347d52e41d9604639ae
This CL adds new Framework APIs that can be used for the secure
confirmations. This includes support for configuring a key such that
it can only sign data returned by the confirmation APIs.
Bug: 63928580
Test: Manually tested.
Change-Id: I94c1fc532376bd555b3dc37fc4709469450cfde6
