summaryrefslogtreecommitdiff
path: root/keystore/java/android
AgeCommit message (Collapse)Author
2022-03-15Merge SP2A.220305.013Haamed Gheibi
Bug: 220074017 Change-Id: Idfdd94e902f656ac65a2a75dfdd199f6f85ba472
2021-08-24Fix key alias string comparisonSeth Moore
The code was doing a reference compare, not object value comparison, resulting in failures in the KeyStore setEntry API. Test: CtsKeystoreTestCases:android.keystore.cts.AndroidKeyStoreTest Bug: 197138784 Change-Id: I2c5e47283eed5694951869e9ea3853364ddef9d1 Merged-In: I2c5e47283eed5694951869e9ea3853364ddef9d1
2021-08-13Fixing a condition that can cause deadlockMax Bires
Callbacks on ServiceConnection happen on the main UI thread for an application. Since the thread that calls bindService then immediately blocks to wait for the service to be connected, this will cause a deadlock if key operations are happening on the main UI thread. This bug has likely not been detected yet since key operations are not supposed to be performed on the main UI thread, however it was uncovered in a similar application during other testing. This fix ensures the ServiceConnection object's callbacks will be triggered from a separate thread from the calling thread. Bug: 196571032 Test: Apps that run key operations on the UI thread don't hang. Change-Id: I630a0ef2560a8ebd962de54c65e3d6277133a1cb
2021-07-20Merge "Fixing the race condition in GenerateRkpKey" into sc-devTreeHugger Robot
2021-07-20Fixing the race condition in GenerateRkpKeyMax Bires
This file was written on the assumption that bindService was synchronous, which it isn't. This change adds a CountDownLatch to force the class to wait for the binding to finish. If the relevant key generation service is not present on the system, then this functionality will just silently be skipped over. Bug: 190222116 Test: atest RemoteProvisionerUnitTests Change-Id: Ie34997a08aa743642c66a20c4b756cd47bff4af1 Merged-In: Ie34997a08aa743642c66a20c4b756cd47bff4af1
2021-07-08Keystore 2.0 SPI: Add EC_CURVE tag on key generation.Janis Danisevskis
The KeyMint spec requires the specification of the EC_CURVE tag when generating an EC key. This patch adds the correct curve tag parameter to the parameter list. Test: CtsVerifier Protected confirmation test. Bug: 192908276 Change-Id: I2e7dd4868abda85d244e73592ff12d688f5c21fc
2021-06-30Keystore 2.0: Renaming the vpnstore interface.Janis Danisevskis
Renaming the vpnstore interface to legacykeystore. Bug: 191373871 Test: TBD Change-Id: Icd304ef621f0de52d6ebc415a0628d63f827fbcd
2021-06-21Update the java doc of AndroidKeyStoreProvider#getKeyStoreOperationHandle to ↵Victor Chang
support Signature object Bug: 191661889 Test: m droid Merged-In: Ie65dcfe96f3bb00cc9af4d49e4e1d1f57bde438a Change-Id: Ie65dcfe96f3bb00cc9af4d49e4e1d1f57bde438a (cherry picked from commit 507a653a6e35fd3bf5b9a5927e4c17307593bcae)
2021-06-09Merge "Revert "Fixing the race condition in GenerateRkpKey"" into sc-devMax Bires
2021-06-09Revert "Fixing the race condition in GenerateRkpKey"Max Bires
This reverts commit d05498b9d8d30ca69eaafe920c5915ee472058eb. Reason for revert: Bugged on non-RKP systems. Bug: 190222116 Change-Id: Ie7d17d4251c381c1bae6a76cd9b0246c551f8042
2021-06-08Merge "Fixing the race condition in GenerateRkpKey" into sc-devTreeHugger Robot
2021-06-08Fixing the race condition in GenerateRkpKeyMax Bires
This file was written on the assumption that bindService was synchronous, which it isn't. This change adds a CountDownLatch to force the class to wait for the binding to finish. Bug: 190222116 Test: atest RemoteProvisionerUnitTests Change-Id: I917a61da612f21f9a0f783bea5d24270d4e1db42
2021-06-07Check for invalid device attestation parametersSeth Moore
Previous releases explicitly check for invalid inputs. These checks were removed with the move to keystore2 -- add them back. Remove old prepareAttestationArguments* methods, as they are no longer referenced. Fixes: 188741672 Test: com.google.android.gts.security.DeviceIdAttestationHostTest Change-Id: I4eeec8367ebdfad527395206ab9e89b409e02631
2021-05-13Merge "Use keymasterSwEnforcedUserAuthenticators if ↵Joshua Duong
keymasterHwEnforcedUserAuthenticators is zero." am: 3b2decbb34 am: bc9360ea4e am: 791f088436 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1705645 Change-Id: Ieea062bd379150daf14406376e2e26b9499832fe
2021-05-13Merge "Use keymasterSwEnforcedUserAuthenticators if ↵Joshua Duong
keymasterHwEnforcedUserAuthenticators is zero."
2021-05-13Merge changes If663677b,I387d90ea am: ea4a93a946 am: da769ac79d am: 574db828e3Treehugger Robot
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1706425 Change-Id: I261fe4c6a0d926486052fdd2a812f709c419f78f
2021-05-13Merge changes If663677b,I387d90eaTreehugger Robot
* changes: Fixed KeyGenParameterSpecTest Keystore 2.0 SPI: Fix NPE in getUniqueAliases.
2021-05-13Merge "Keystore 2.0 SPI: Silence warning about blocking calls to Keystore." ↵Treehugger Robot
am: fa8d51d5a6 am: ad73e362f0 am: 41d04381e9 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1706447 Change-Id: I3247db1b8db8691705a3a7856d696a84f0fd1413
2021-05-12Keystore 2.0 SPI: Fix NPE in getUniqueAliases.Janis Danisevskis
getUniqueAliases may return a null if an error occurred. This would lead to a NPE in engineAliases. This patch makes getUniqueAliases return an empty HashSet instead. Test: atest KeystoreTests Change-Id: I387d90ea851a8b9c18bb2b20d1a0bfc1ab76c99f
2021-05-12Keystore 2.0 SPI: Silence warning about blocking calls to Keystore.Janis Danisevskis
Test: N/A Bug: 184108046 Change-Id: I7401b88e5055cb781113656021f3ec274d1951a4
2021-05-12Use keymasterSwEnforcedUserAuthenticators if ↵Joshua Duong
keymasterHwEnforcedUserAuthenticators is zero. Bug: 186562600 Test: atest android.appsecurity.cts.AuthBoundKeyTest#useInvalidatedAuthBoundKey Change-Id: I52a9c04b3e000416fb141d90d8d1f034348499de
2021-05-07Merge "Don't re-wrap DeviceIdAttestationExceptions" am: 27bc799e7e am: ↵Seth Moore
02359c00d6 am: 85d779c4a4 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1698089 Change-Id: I9aefcc9b3b93a37437885d7e6fb1a8d9734b3dd1
2021-05-05Don't re-wrap DeviceIdAttestationExceptionsSeth Moore
Instead of always wrapping errors in a DeviceIdAttestationException, check to see if the underlying cause was originally a DeviceIdAttestationException. If so, unwrap the cause and just re-throw that, preserving the original error. Bug: 183827468 Test: GtsGmsCoreSecurityTestApp Change-Id: Iab78ccaff91dd1de615e1d2b18f709027aecd59e
2021-04-28Merge changes from topic "biometric-unlocked-required" am: c36995ec84 am: ↵Paul Crowley
cf5f4d6cbf am: 9c975f2335 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1671106 Change-Id: I2c7e8050ca82f81ca865a76bd11a39d82eb09dcc
2021-04-27Tell keystore which SIDs can unlock this userPaul Crowley
If biometric unlock is enabled, we tell keystore at lock time so that a key can be set up in KM which unlocks UNLOCKED_DEVICE_REQUIRED keys based on auth tokens carrying those SIDs. This also has the effect that if there is no biometric unlock, UNLOCKED_DEVICE_REQUIRED keys have full cryptographic protection, per NIAP requirements. Test: aosp/1686345 Bug: 163866361 Change-Id: Ia4d01faa998c76b2b33ad3520730466ac59e6d8d
2021-04-23Merge "Keystore 2.0 SPI: Fix engineDoFinal with null input." am: 06df6d84eb ↵Treehugger Robot
am: 3310a9a81f am: eaca45fcf3 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1680128 Change-Id: I2ad6bfc44915687bc24c0ec60ebf99244f4758b1
2021-04-23Merge "Keystore 2.0 SPI: Fix engineDoFinal with null input."Treehugger Robot
2021-04-22Merge "Make sure DPC knows if revoke fails" into sc-devPavel Grafov
2021-04-22Keystore 2.0 SPI: Fix engineDoFinal with null input.Janis Danisevskis
AndroidKeyStoreCipherSpiBase.engineDoFinal may get called with a null input argument. In the case where we forward the operation to the default provider doFinal() needs to be called instead of doFinal(byte[], int, int). Bug: 183913233 Test: atest android.keystore.cts.CipherTest#testEncryptsAndDecryptsUsingCipherStreams Change-Id: Ia3afaf281be7c8e5493ac8e4155a7aa02d1d37f0
2021-04-22Merge "Remove usage of Math.randomLongInternal" am: c931f43bcd am: ↵Nikita Iashchenko
267fc8b764 am: 7716e67ea3 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1682025 Change-Id: I67913263f9bfb5380d915e716f19511db847a339
2021-04-22Merge "Remove usage of Math.randomLongInternal"Nikita Iashchenko
2021-04-21Merge "Keystore 2.0: Add namespace locksettings." am: 6bcd65c99e am: ↵Treehugger Robot
965c7e3c91 am: c40e1d5131 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1676196 Change-Id: Ifa0aafc8c2f5d412e2336c55db027277d94ca84e
2021-04-21Merge "Keystore 2.0: Add key migration API." am: d42f1be8eb am: a48b43ec42 ↵Rubin Xu
am: 87a312952c Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1676925 Change-Id: Id028c5a629cd6a5c58604af4bff12c5779e38911
2021-04-21Merge "Keystore 2.0: Add namespace locksettings."Treehugger Robot
2021-04-21Merge "Keystore 2.0: Add key migration API."Rubin Xu
2021-04-21Make sure DPC knows if revoke failsPavel Grafov
Bug: 183098396 Test: atest MixedDeviceOwnerTest#testKeyManagement Change-Id: I89b51a1fb4be3b53eb46a7c194924b5255cd262b
2021-04-21Remove usage of Math.randomLongInternalNikita Iashchenko
As a part of internal libcore API cleanup some of the functions previously exposed are getting removed from public surface. Math#randomLongInternal is a wrapper around java.util.Random and has no specific implications so its usages are get refactored. Bug: 154796679 Test: m droid Change-Id: I29e0e9307fbaf9c1ac018b83014efb2d3dd74479
2021-04-21Cred mng app URI documentationAlex Johnston
* Add URI matching documentation Bug: 177979648 Test: build docs Change-Id: I44d40e919cce1b4f955f562b1cf6cbad450b4b58
2021-04-20Keystore 2.0: Add namespace locksettings.Janis Danisevskis
This namespace is required by LocksettingsService to protect the synthetic password key from removal when the user removes the credentials or wipes AID_SYSTEM app data. Bug: 184664830 Test: N/A Change-Id: Ie752a75d2cb2ebf1f4e5814bc2cbc807cc754c21
2021-04-17Merge "Fix operation auth bound keys." am: b3671c4ab5 am: f941d3fb5b am: ↵Janis Danisevskis
0992040e48 Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1677200 Change-Id: Ie4972c2b9da95515b3e98f66af716e7d1fcf156c
2021-04-16Fix operation auth bound keys.Janis Danisevskis
CryptoObject still called the legacy AndroidKeystoreProvider which did not return the correct operation handle for per operation auth bound keys. Bug: 184804041 Bug: 185181377 Test: CtsVerifier->Security->Biometric Tests->2a Strong Biometrics + Crypto Merged-In: I0bceff0425e7ef32c394f33deda3c78f729c0c6c Change-Id: I0bceff0425e7ef32c394f33deda3c78f729c0c6c
2021-04-16Keystore 2.0: Add key migration API.Janis Danisevskis
The key migration API is required by locksettingsservice to move the synthetic password key out of AID_SYSTEM to protect it from deletion when the user removes credentials from AID_SYSTEM. Bug: 184664830 Test: N/A Change-Id: I8d0ffb79870affc8ac055574b6f808a984aa5e52
2021-04-08Merge "Keystore 2.0 SPI: Make getAttestationIds return an empty array." am: ↵Treehugger Robot
1f82f476c0 am: cf64e636a8 am: 1a4f20ceac Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1664321 Change-Id: I8c1146a0b86cfca21bf9f3e837b4315cca3d5f86
2021-04-07Keystore 2.0 SPI: Make getAttestationIds return an empty array.Janis Danisevskis
getAttestationIds shall return an empty array instead of null. Bug: 184026478 Test: N/A Change-Id: I6c6233fa50a83cf7d6354d2783525704a3b39d0d
2021-04-06Merge "Fixing array cast." am: caa4617084 am: 4737ee5fa4 am: ce59601017Max Bires
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1649541 Change-Id: I88ec6146f4b2bbfd159eb124fd01dcdc4b0b6f1f
2021-04-06Merge "Fixing array cast."Max Bires
2021-04-03Merge "Keystore 2.0: Remove Keystore 1.0 SPI with all remaining references" ↵Janis Danisevskis
am: a8b1b1a2e6 am: 08945c21ef am: 66ead4fb0b Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1624872 Change-Id: I08fcf329e59c309d9292edc846653b02e7a60f21
2021-04-01Keystore 2.0: Remove Keystore 1.0 SPI with all remaining referencesJanis Danisevskis
Bug: 171305684 Test: CtsKeystoreTestCases Change-Id: I337515dadc9e45b909bff058d4e13371b4fa843c
2021-03-29Merge "Keystore 2.0: Update to canonical service name." am: 5fdf93fc9d am: ↵Steven Moreland
615236ca66 am: d99097637f Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1649648 Change-Id: I9b247f6b3372f1babb19505bd67d026a279b5ec3
2021-03-29Merge "Keystore 2.0: Update to canonical service name."Steven Moreland
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 04:42:57 +0000