Add KeyStore.onUserPasswordChanged for the lockscreen to call when
the user changes their password. Keystore will then handle the logic of
deleting keys. Instead of calling Keystore.password_uid for both
unlocking and password changes the behavior has been split into
Keystore.unlock and onUserPasswordChanged.
Change-Id: I324914c00195d762cbaa8c63084e41fa796b7df8
FingerprintService is a lower layer of abstraction which should
ideally be accessed only via FingerprintManager from
AndroidKeyStore.
The main issue with the switch is that it requires a reference to a
Context. This is now obtained using ActivityThread's hidden API.
Change-Id: If921e169838ee2cc5c7690b8c8d8ea95c33248aa
This makes symmetric Cipher and Mac implementations backed by
AndroidKeyStore succeed in their initialization when the key is
configured to require user authentication for every use. Users
of such keys should obtain an instance of Cipher or Mac, initialize
it with the key, and then authorize the operation by passing this
Cipher or Mac instance to FingerprintManager.authenticate.
Bug: 18088752
Change-Id: Ia15a1e5f8274c3623f665dae1f400ff539639ab1
This enables users of AndroidKeyStore crypto to differentiate between
the key being unusable until the user is authenticated
(UserNotAuthenticatedException) and the key being permanently unusable
(KeyPermanentlyInvalidatedException). The latter is the case when the
secure lock screen has been disabled or reset, and, for keys that
require user authentication for every use, when a new fingerprint is
enrolled or all fingerprints are unenrolled.
NOTE: The KeyPermanentlyInvalidatedException subsumes/replaces the
NewFingerprintEnrolledException which has thus been removed. There
is no way to find out whether a key was permenently invalidated
specifically because a new fingerprint was added.
Bug: 20642549
Bug: 20526234
Change-Id: I0206cd99eef5c605c9c4d6afc5eea02eb3b1fe6b
OP_AUTH_NEEDED will be returned from begin when an operation needs
a per operation authentication before calling update. Note that the
begin call succeeds when this error is returned, the token and handle
are valid.
(cherry picked from commit dabe520a3e)
Change-Id: I0ba4e997360843b5eb6c1db9c5fcd1c4d5a2c717
This changes the implementation of AndroidKeyStore-backed Cipher and
Mac to avoid throwing runtime exceptions during normal use. Runtime
exceptions will now be thrown only due to truly exceptional and
unrecoverable errors (e.g., keystore unreachable, or crypto primitive
not initialized).
This also changes the implementation of Cipher to cache any errors
encountered in Cipher.update until Cipher.doFinal which then throws
them as checked exceptions.
Bug: 20525947
Change-Id: I3c4ad57fe70abfbb817a79402f722a0208660727
NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.
Bug: 20521989
Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
The code in question talks to KeyStore which returns error codes
which are a mix of keystore and keymaster error codes. To better
match the layering of KeyStore on top of keystore and keymaster,
this CL renames KeymasterException into KeyStoreException. It also
adds human-readable error messages to exceptions raised by keystore
rather than keymaster (e.g., key not found).
Bug: 18088752
Change-Id: I4cd1235e16518c9f2e8c5557a457774c6e687b88
generateKey and begin can now optionally take an array of bytes to add
to the rng entropy of the device before the operation. If entropy is
specified and the device does not support add_rng_entropy or the call
fails then that device will not be used, leading to fallback or error
depending on the situation.
Change-Id: Id7d33e3cc959594dfa5483d002993ba35c1fb134
Having it as a raw byte[] caused issues in keystore because keymaster
handles a null blob differently than a blob with null contents. Make
this explicit in the API.
Change-Id: Ifcf550f438608b8f09fc589d00d06fffa6ee463b
Add methods for sending an auth token to keystore and to query the
authorization state of a given operation.
Change-Id: I223df5c56ae2a251ef31cfe60f06c046c12a5cd8
The Android KeyStore backed KeyPairGenerator can generate EC key
pairs, but it cannot be instantiated via the standard JCA approach of
KeyPairGenerator.getInstance("EC", "AndroidKeyStore"). Instead, the
user must invoke KeyPairGenerator.getInstance("RSA",
"AndroidKeyStore") and then tell it to generate an EC key pair.
This CL fixes this weirdness.
The fix requires the introduction of late resolution of key algorithm
and default key size. Prior to this CL, these parameters were resolved
prior to KeyPairGenerator initialization, inside KeyPairGeneratorSpec.
In this CL, these parameters are resolved during KeyPairGenerator
initialization. This is fine because KeyPairGeneratorSpec should be as
dumb as possible and all the logic should reside in KeyPairGenerator
and lower layers.
Bug: 19018089
Change-Id: I114502356e6c9691518cf05b6d9eb0920b4fe0b2
This replaces IKeystoreService.java with IKeystoreService.aidl and
changes the methods that passed down a byte[][] to instead pass down a
KeystoreArguments which is currently a thin parcelable wrapper around a byte[][].
Change-Id: I6367bcf57562f41a27aab14f1903b74995cb65c2
Fixes setting a keyguard password for keystore in a multi-user setup
while we're at it.
Bug: 16233206.
Change-Id: I7941707ca66ac25bd122fd22e5e0f639e7af697e
Before there was only one key type supported, so we didn't need to query
a key type. Now there is DSA, EC, and RSA, so there needs to be another
argument.
Bug: 10600582
Change-Id: I9fe9e46b9ec9cfb2f1246179b2c396216b2c1fdb
Add the encrypted flag for the KeyPairGenerator and the KeyStore so that
applications can choose to allow entries when there is no lockscreen.
Bug: 8122243
Change-Id: Ia802afe965f2377ad3f282dab8c512388c705850
In order to let apps use keystore more productively, make the blob
encryption optional. As more hardware-assisted keystores (i.e., hardware
that has a Keymaster HAL) come around, encrypting blobs start to make
less sense since the thing it's encrypting is usually a token and not
any raw key material.
Bug: 8122243
Change-Id: If9af0d992d68edec006e630c687df3d03a7c9608
Add a hook into PackageManagerService so that when app IDs are
completely removed, we erase all entries from keystore for those UIDs
that have gone away.
(cherry picked from commit 95e3ee3971)
Bug: 3020069
Change-Id: I374258ccc103f8cb3e238f2bf0d1afda0659db94
Add an API to keystore daemon to query what kind of storage is currently
in use.
(cherry picked from commit a738e2a1ae)
Change-Id: I52c84449a27b1cefc49372a6406b7132c2bbddee
After discussion, it was determined that duplicate would be less
disruptive and it still fit in the current HAL model.
Change-Id: I2f9cae48d38ec7146511e876450fa39fc92cda55
To support the WiFi service, we need to support migration from the
system UID to the wifi UID. This adds a command to achieve the
migration.
Bug: 8122243
Change-Id: I65f7a91504c1d2a2aac22b9c3051adffd28d66c1
In previous commits, we added the ability to specify which UID we want to
target on certain operations. This commit adds the ability to reach those
binder calls from the KeyStore class.
Also fix a problem where saw() was not reading all the values returned via
the Binder call. This changes the semantics to return a null instead of
failing silently when it's not possible to search.
Change-Id: I32098dc0eb42e09ace89f6b7455766842a72e9f4
Instead of blindly multiplying return value by 1000 to convert to
milliseconds, check to see if it's an error condition first.
Change-Id: I8eab1e7a86d78c13458fcbbc79d590e452fc9791
java.security.KeyStore requires that you be able to get the creation
date for any given entry. We'll approximate that through using the mtime
of the file in the keystore.
Change-Id: I16f74354a6c2e78a1a0b4dc2ae720c5391274e6f
Change the keystore to keep the private keys in keystore. When returned,
it uses the OpenSSL representation of the key to allow users to use it
in various operations through the OpenSSL ENGINE that connects to
keystore.
Change-Id: I3681f98cb2ec49ffc4a49f3821909313b4ab5735
Summary:
frameworks/base
keystore rewrite
keyguard integration with keystore on keyguard entry or keyguard change
KeyStore API simplification
packages/apps/Settings
Removed com.android.credentials.SET_PASSWORD intent support
Added keyguard requirement for keystore use
packages/apps/CertInstaller
Tracking KeyStore API changes
Fix for NPE in CertInstaller when certificate lacks basic constraints
packages/apps/KeyChain
Tracking KeyStore API changes
Details:
frameworks/base
Move keystore from C to C++ while rewriting password
implementation. Removed global variables. Added many comments.
cmds/keystore/Android.mk
cmds/keystore/keystore.h
cmds/keystore/keystore.c => cmds/keystore/keystore.cpp
cmds/keystore/keystore_cli.c => cmds/keystore/keystore_cli.cpp
Changed saveLockPattern and saveLockPassword to notify the keystore
on changes so that the keystore master key can be reencrypted when
the keyguard changes.
core/java/com/android/internal/widget/LockPatternUtils.java
Changed unlock screens to pass values for keystore unlock or initialization
policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java
policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java
KeyStore API changes
- renamed test() to state(), which now return a State enum
- made APIs with byte[] key arguments private
- added new KeyStore.isEmpty used to determine if a keyguard is required
keystore/java/android/security/KeyStore.java
In addition to tracking KeyStore API changes, added new testIsEmpty
and improved some existing tests to validate expect values.
keystore/tests/src/android/security/KeyStoreTest.java
packages/apps/Settings
Removing com.android.credentials.SET_PASSWORD intent with the
removal of the ability to set an explicit keystore password now
that the keyguard value is used. Changed to ensure keyguard is
enabled for keystore install or unlock. Cleaned up interwoven
dialog handing into discrete dialog helper classes.
AndroidManifest.xml
src/com/android/settings/CredentialStorage.java
Remove layout for entering new password
res/layout/credentials_dialog.xml
Remove enable credentials checkbox
res/xml/security_settings_misc.xml
src/com/android/settings/SecuritySettings.java
Added ability to specify minimum quality key to ChooseLockGeneric
Activity. Used by CredentialStorage, but could also be used by
CryptKeeperSettings. Changed ChooseLockGeneric to understand
minimum quality for keystore in addition to DPM and device
encryption.
src/com/android/settings/ChooseLockGeneric.java
Changed to use getActivePasswordQuality from
getKeyguardStoredPasswordQuality based on experience in
CredentialStorage. Removed bogus class javadoc.
src/com/android/settings/CryptKeeperSettings.java
Tracking KeyStore API changes
src/com/android/settings/vpn/VpnSettings.java
src/com/android/settings/wifi/WifiSettings.java
Removing now unused string resources
res/values-af/strings.xml
res/values-am/strings.xml
res/values-ar/strings.xml
res/values-bg/strings.xml
res/values-ca/strings.xml
res/values-cs/strings.xml
res/values-da/strings.xml
res/values-de/strings.xml
res/values-el/strings.xml
res/values-en-rGB/strings.xml
res/values-es-rUS/strings.xml
res/values-es/strings.xml
res/values-fa/strings.xml
res/values-fi/strings.xml
res/values-fr/strings.xml
res/values-hr/strings.xml
res/values-hu/strings.xml
res/values-in/strings.xml
res/values-it/strings.xml
res/values-iw/strings.xml
res/values-ja/strings.xml
res/values-ko/strings.xml
res/values-lt/strings.xml
res/values-lv/strings.xml
res/values-ms/strings.xml
res/values-nb/strings.xml
res/values-nl/strings.xml
res/values-pl/strings.xml
res/values-pt-rPT/strings.xml
res/values-pt/strings.xml
res/values-rm/strings.xml
res/values-ro/strings.xml
res/values-ru/strings.xml
res/values-sk/strings.xml
res/values-sl/strings.xml
res/values-sr/strings.xml
res/values-sv/strings.xml
res/values-sw/strings.xml
res/values-th/strings.xml
res/values-tl/strings.xml
res/values-tr/strings.xml
res/values-uk/strings.xml
res/values-vi/strings.xml
res/values-zh-rCN/strings.xml
res/values-zh-rTW/strings.xml
res/values-zu/strings.xml
res/values/strings.xml
packages/apps/CertInstaller
Tracking KeyStore API changes
src/com/android/certinstaller/CertInstaller.java
Fix for NPE in CertInstaller when certificate lacks basic constraints
src/com/android/certinstaller/CredentialHelper.java
packages/apps/KeyChain
Tracking KeyStore API changes
src/com/android/keychain/KeyChainActivity.java
src/com/android/keychain/KeyChainService.java
support/src/com/android/keychain/tests/support/IKeyChainServiceTestSupport.aidl
support/src/com/android/keychain/tests/support/KeyChainServiceTestSupport.java
tests/src/com/android/keychain/tests/KeyChainServiceTest.java
Change-Id: Ic141fb5d4b43d12fe62cb1e29c7cbd891b4be35d
In addition to the primary change in the subject, also some minor cleanup of javadoc, typos, CloseGuard warning, etc found while working on a new AbstractAccountAuthenticator.
Change-Id: I73f3408773a43a0021a15f8d051fd3dbbdf898a5
By default, when java converts Strings to bytes, it uses the
default system locale. This can be specified by the -Dfile.encoding
option. If no file encoding is specified, java uses ISO8859_1.
Unfortunately, not all unicode characters can be mapped to
ISO8859_1. Unmappable characters may be replaced by a byte
within ISO8859_1, which may change the meaning of the String.
This is especially problematic for password strings, and has
been used to compromise the security of passwords in the
past.
Thankfully, Android uses UTF-8 by default, so this bug doesn't
effect Android devices. However, it's recommended to explicitly
list the character set when converting to/from bytes to
avoid the potential ambiguity.
Change-Id: Iec927e27ed3fc103696c439f6bd3e8779a37ade8
