This is part of the changes to improve the UX and language for installing certificates.
Previously, the different types of certificate used the same installation flow. This CL
introduces a new settings page, where the type of certificate to be installed can be selected.
Bug: 139173976
Test: Atest com.android.settings.security
manual testing from Settings by selecting the certificate type
preference and ensuring the installation flow still worked as expected.
Change-Id: I6e0606b00c5f684571ffbd903b9cf55c6911fd0f
Add KEY_ALIAS_SELECTION_DENIED contant to flag that no private key alias has
been chosen in onChoosePrivateKeyAlias, but no KeyChainActivity selection dialog
should be presented to the user.
Bug: 136649900
Test: run cts --test MixedManagedProfileOwnerTest#testDelegationCertSelection
Change-Id: I9aeea7be0c2a6172ca054f91d49183c843ecfa6e
Introduce a new API to request use of individual attestation
certificate for attesting keys generated by the
DevicePolicyManager.generateKeyPair method.
It builds on existing device ID attestation capabilities in two ways:
(1) Eligibility check: Assuming similar privacy requirements for the use
of individual attestation certificates, enforce the same conditions
for using them as the conditions for requesting device identifiers
in the attestation record.
(2) Keymaster interaction: Passing the right Keymaster tag to the
attestKey call, which is easily done in AttestationUtils.
Bug: 136494773
Test: CTS test to be added.
Change-Id: Idb5cee66d986a521c17e1955532d0bfae66c035d
Unify the manual certificate installation flow (via "Install from
storage" in the Settings app) with the programmatic one (using
DevicePolicyManager.installKeyPair).
The unification is achieved by extending the KeyChainService API to take
in the UID for which the key is designated (so WiFi keys can be
installed with the unified flow), and making the CredentialStorage
activity call the KeyChainService rather than poke into Keystore
directly.
Framework-related changes to support this:
* Add new constant for specifying the key alias as an extra to the
install activity, and remove obsolete constants from the Credentials
class.
* Make KeyChainService definition include key destination UID.
* Make the call to KeyChainService.installKeyPair from the
DevicePolicyManagerService specify the "self" UID.
Test: Manual CtsVerifier tests: KeyChain Storage Test, CA Cert Notification Test
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Bug: 138375478
Change-Id: Ib317f85fa6719c70ee3b1da4255c44754fbfa789
Make AttestedKeyPair c'tor accept a List<Certificate> rather than
Certificate[] to match the getter method on this class.
To make it easier to use this class from other framework code I've
re-instantiated the c'tor with a certificate array which will
convert the array to a list.
Bug: 139092002
Test: cts-tradefed run commandAndExit cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: Ie80dcb28f112efa89d3cc6fdceb1b9e5e26c58b1
Make the constructor for AttestedKeyPair public so instances of it can
be created for testing.
Bug: 138409426
Test: That it compiles
Change-Id: Iab8fbf1ad2293a91347701eb67631a8f3a3bd3fa
There's a long-standing bug (since ~Marshmallow) that causes
AndroidKeyStore to truncate large (>64 KiB) blocks of data. This can
be avoided by callers by processing data in smaller chunks, and
smaller chunks are more memory-efficient while not being much (if any)
more time-efficient. But, Keystore should handle large blocks
correctly. This CL adds a test to all block cipher tests that
attempts to encrypt and then decrypt a 100 KiB block.
Bug: 123391046
Test: CtsKeystoreTestCases
Change-Id: I0c0286fd5360d4fe62cbd8130aa0c17f97318801
Since keystore accepts asynchronous requests it may be that apps wait
forever if keystore dies. This patch adds a death recipient to all
keystore promises so that Keystore.java gets notified when keystore
dies.
Test: atest android.keystore.cts
Bug: 111443219
Bug: 128991260
Change-Id: Ie6e4a4f371287f83a2cdf4069d5686c67d8aebc1
This is useful when the caught exceptions are not informative and they
act as a red herring in the adb logs.
Bug:109791294
Test: call this method in the VpnSettings and manually navigate to
adding a new VPN by searching for VPN in settings and then pressing '+'.
Change-Id: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
Merged-In: I4bc86e3ea5b11027090fd3a27dc7455557cf66ab
If a certificate is self signed, then currently KeyStore will still
attempt to find the CA certificate. When it obviously fails to find it,
a key not found exception is propagated up and thrown. This CL
suppresses that exception, as it seems to exclusively be thrown in this
condition, which is WAI. Having the stack trace show up can be very
misleading to developers.
Test: atest cts/tests/tests/keystore/src/android/keystore/cts
Change-Id: I192f54d3d8355c183e830ab09314932e8800f7ed
Mark the c'tor parameters as nullable to comply with Exception's
behaviour.
Bug: 126702366
Test: That it compiles
Change-Id: I96a7c03cb79e7180872de02bee143b67f7a408ec
If they were null, then the Parcelable would fail to work.
Bug: 126726802
Test: manual
Change-Id: I7929ffa2f20e5de1c8e68e8263cca99496e9d014
Exempt-From-Owner-Approval: Trivial API annotations
For packages:
android.security
android.service.dreams
android.service.euicc
android.service.vr
android.service.wallpaper
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Merged-In: I1c8ae08f8d3b4b2f5bf365468f22155f8def09fe
Change-Id: I09850a52193a28b0f884cfa01b564c29d25d41ed
For packages:
android.security
android-service.dreams
android.service.euicc
android.service.vr
android.service.wallpaper
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I1c8ae08f8d3b4b2f5bf365468f22155f8def09fe
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
Merged-In: I878a628824e2eeb639ec5678b1a5d3d10428a918
This is to keep it in sync with response codes in keystore.h.
This commit also adds the KeyPermanentlyInvalidatedException to all the
methods that could receive this error code out of KeyStore.
Bug: 118883532
Test: atest cts/hostsidetests/appsecurity/src/android/appsecurity/cts/AuthBoundKeyTest.java
Change-Id: I878a628824e2eeb639ec5678b1a5d3d10428a918
Previously the framework would accept any key size that was a multiple
of 8 for the KeyGenerator.
Bug: 117509689
Bug: 122274787
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Change-Id: I60b52f6062a41ae52486bae0ae36616f4b532b37
Improve the documentation on the case of key override: When a new key is
generated/installed using an alias that already exists.
In particular, clarify that grants are lost and that a new call to
KeyChain.choosePrivateKeyAlias must be issued in this case.
Bug: 123563258
Test: that it builds.
Change-Id: I055e95f57b9576883736ca0cfa6a998dec08a6c2
Add the Android Enterprise Security team as OWNERS for KeyChain and
KeyChain-related code.
The KeyChain code currently lives under keystore/, which means every
change requires Keystore owners approval, but it does not make sense for
KeyChain as KeyChain is a Keystore client and is developed
independently.
Test: Gerritt upload.
Bug: 33166666
Change-Id: Idfedda9553add303439179ce10a1e75e437bbe83
Remove methods from the Credentials class that are no longer used,
now that KeyChain no longer depends on the presence of a screen lock.
Bug: 120901345
Test: That it builds, manually with CtsVerifier
Change-Id: I37ad617f076a9ea9b5a5c789cd1da77110ad7b3b
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0
Merged-In: I020a9c09672ebcae64c5357abc4993e07e744687
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: I020a9c09672ebcae64c5357abc4993e07e744687
engineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call
into the backing Keymaster implementation until generate is called on it
to actually create the key. If a disallowed spec for StrongBox is passed
in, the backing StrongBox implementation won't be able to revoke it
until engineGenerateKey() is called, which will create different
behaviors between TEE backed implementations (which support a wider
range of algorithm spec parameters) and StrongBox implementations from a
public API perspective. This change will make sure HMAC is the same for
StrongBox.
This is also being done for EC keys in
AndroidKeyStoreKeyPairGeneratorSpi.java
Bug: 113525261
Bug: 114487149
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Test: atest
cts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
Change-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186
Why?: 1) Returning an array list is unsafe because it must be allocated in Java and C++ must not change the size. 2) List<Integer> is not supported by AIDL, but List<String> is. I decided it was simpler to pass back integers encoded as strings than to create yet another parcelable.
Bug: b/119616956
Test: ./list_auth_bound_keys_test.sh
Test: Temporarily modified settings app to call listUidsOfAuthBoundKeys
Change-Id: I3bf7578c96e800c8d35fba897f52220136dcd657
API stubs generation implicitly made any types used by an API also part
of that API. This has caused DeviceIdAttestationException and
ImsFeature.Capabilities to become implicit APIs, so they are added to
the API files.
After this, using non-API types in APIs will become an error to prevent
implicit APIs occuring in the future.
Bug: 119556446
Test: METALAVA_PREPEND_ARGS="--error ReferencesHidden" make
Exempt-From-Owner-Approval: Identical CL has been approved on other branch
Change-Id: I5fe4f20502b8d4e287b28e9f07139456d4191e22
Merged-In: I5fe4f20502b8d4e287b28e9f07139456d4191e22
(cherry picked from commit 8f91e5fde8)
Since the keystore alias prefix USERSKEY was deprecated
Credentials.deleteUserKeyTypeForAlias tried to delete key the
remaining prefix first and if that failed tried to delete the
legacy prefix.
However, KeyStore.delete returns true if the key was deleted or
did not exist. So the first call to delete would return true
whether the key existed or not and the legacy alias would never be
deleted.
This patch introduces a new flavor of KeyStore.delete, that returns an
error code instead of a boolean. The caller can now distinguish
the nature of the failure. Credentials.deleteUserKeyTypeForAlias now
checks this return code and attempts to delete the legacy variant if
KEY_NOT_FOUND was returned.
Bug: 117818447
Change-Id: Ifae1f3dbb07d85d94f430ead2cdd3e39d22436a4
