If provided the extra entropy will be added to the device before calling
finish. If entropy is provided and the device does not support supplying
additional entropy then finish will fail with KM_ERROR_UNIMPLEMENTED.
Change-Id: If26be118bf382604f6f8e96e833b76e6f9e94d58
Crypto primitives' getSpi has a side-effect which modifies the state
of the primitive: it selects an SPI implementation if it hasn't been
selected yet (e.g., Cipher.getInstance("AES") doesn't select an SPI
implementation until Cipher.init). The new method getCurrentSpi has
no side-effects: it simply returns null if no SPI implementation is
selected. The switch to getCurrentSpi lets us avoid side-effects and
throw a more pertinent exception when no SPI is yet selected.
Bug: 18088752
Change-Id: I6d62eb67f904a15782673d16bcdae240cdc8f979
Rename confusingly named methods, add userID arguments to all methods
that operate on user state and delete methods that have been replaced by
the onUser* methods.
Some of the old methods have been kept in KeyStore.java in order to ease
the transition of various system packages to the new methods.
Change-Id: Ic271689d62c36d255c5adee26c7abc2e7ed24df5
Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.
(cherry-picked from commit a91a8504191d91d288c55821caa5bf00c9be26a2)
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
Keystore's begin operation now requires parameters which describe the
operation (e.g., algorithm, block mode, padding). This adjusts
KeyStoreTest to provide the necessary parameters.
Bug: 19509156
Change-Id: I8205288d8cbdd37196acde32548a0994763be38c
begin now returns OP_AUTH_REQUIRED for per operations with per op
authorization instead of NO_ERROR.
Change-Id: I1f472125f46155833e03ab30bf18363ff51b2c58
OP_AUTH_NEEDED will be returned from begin when an operation needs
a per operation authentication before calling update. Note that the
begin call succeeds when this error is returned, the token and handle
are valid.
Change-Id: I28953add4ffd7d873fc33ba3f2cf788f72b07d06
This changes the implementation of AndroidKeyStore-backed Cipher and
Mac to avoid throwing runtime exceptions during normal use. Runtime
exceptions will now be thrown only due to truly exceptional and
unrecoverable errors (e.g., keystore unreachable, or crypto primitive
not initialized).
This also changes the implementation of Cipher to cache any errors
encountered in Cipher.update until Cipher.doFinal which then throws
them as checked exceptions.
Bug: 20525947
Change-Id: I3c4ad57fe70abfbb817a79402f722a0208660727
For consistency, this also switches AndroidKeyStore's Mac init/reset
implementation to the same approach as used in Cipher.
Bug: 18088752
Change-Id: Id34caf7cfe04f2058e22d8632890f762927bb31c
NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.
Bug: 20521989
Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
This workaround prevents use of keys with randomized encryption
(IND-CPA). Since randomized encryption is on by default, it's better
to keep it working and break non-randomized encryption (until
Keymaster is fixed).
Bug: 18088752
Change-Id: I4b11ce72cff705be41d3e66f28b507d6ddc1da79
This tracks 59f977c6988e21b3b8aa6c83428bd6ee1a98816d due to which
AndroidKeyStore is unable to provide symmetric keys because it
assumes that the digest field is not repeating.
Bug: 18088752
Change-Id: Ie8ed01449280b7c759e81aeaf2066953b0abaf2a
This removes the need to specify the three parameters of the
self-signed certificate (serial number, subject, validity range) when
generating key pairs in AndroidKeyStore. This is achieved by
providing sensible defaults for these parameters:
* serial number: 1
* subject: CN=fake
* validity range: Jan 1 1970 to Jan 1 2048.
Bug: 18088752
Change-Id: I5df918b1ef8b26ed3ddd43828c4c78c9fa58cd43
This replaces int-based enums from KeyStoreKeyConstraints with
String values commonly used in JCA API.
As part of under the hood refactoring:
* KeyStoreKeyCharacteristics and KeyStoreKeyConstraints have been
merged into KeyStoreKeyProperties.
* KeymasterUtils methods operating on KeymasterArguments and
KeymasterCharacteristics have been moved to their respective
classes.
Bug: 18088752
Change-Id: I9c8b984cb3c28184adb617e34d87f2837bd1d3a1
This is a follow-up to 70376a77280551791dae62586a6bb0c77ed9429a where
I forgot to update this mapping.
Bug: 18088752
Change-Id: I322a9abd642ddee3bd2b4f49379b121012e32836
This adds MD5, SHA-1, SHA-224, SHA-384, and SHA-512. SHA-256 was
already there.
MD5 is not exposed for HMAC on purpose, because MD5 has been
deprecated for years.
Bug: 18088752
Change-Id: I4df3d3f6cf10805c7910a1bdb577a91c85055945
This makes IV-using Cipher implementations backed by AndroidKeyStore
refuse to be reused. After Cipher.doFinal completes, invoking update
or doFinal will raise an exception. This is to make it harder to
violate the security best practice of not reusing IV in encryption
mode.
Bug: 18088752
Change-Id: I5102f9e8b2ff428254294703e48948ea8576603d
GCM mode is not yet implemented. This is just adding a constant to
KeyStoreKeyConstraints.BlockMode.
Bug: 18088752
Change-Id: Ibba5b393f56ab9f6bb96d994f110687ab8d65ff3
This makes the new AndroidKeyStore API conform with the latest
Keymaster API changes as well as the latest Android framework API
design guidelines.
Keymaster changes:
* Multiple paddings, block modes, and digests can be set on a key.
* "max uses per boot" and "min seconds between use" restrictions will
not be exposed in the framework API.
* Padding scheme ZERO will not be exposed.
Changes due to Android framework design guidelines:
* Sets of enum values have been replaced with bitsets represented as
ints.
* Integer has been replaced with int, with null being represented
with a special value (e.g., -1 or 0) where possible.
Bug: 18088752
Change-Id: Ib21739aa9b42d48895cb7a681e836a5c6d972ac6
This avoids loading all AndroidKeyStore crypto SPI classes when the
AndroidKeyStore provider is instantiated and installed. This provider
is installed early on during the initialization of each app. Most apps
don't need these classes loaded.
Bug: 18088752
Change-Id: Ib43c9dd6a7d434b128916e0f9c8652ba61df0d47
The code in question talks to KeyStore which returns error codes
which are a mix of keystore and keymaster error codes. To better
match the layering of KeyStore on top of keystore and keymaster,
this CL renames KeymasterException into KeyStoreException. It also
adds human-readable error messages to exceptions raised by keystore
rather than keymaster (e.g., key not found).
Bug: 18088752
Change-Id: I4cd1235e16518c9f2e8c5557a457774c6e687b88
Now that auth token checks are in keystore keys without any auth tags
are invalid.
Also adds a test to check that a key with auth required fails when none
is present.
Change-Id: I0d5d44d70a849978e9b2e809675b8343c6650ff2
