| 28f2e72909a73788cf636b637f7403984ede3b74 |
|
07-Jul-2015 |
Shawn Willden <swillden@google.com> |
Check overflow in authorization set deserialization.
Bug: 22303155
Change-Id: I0e841ddcc0ba29b173d0d81f53d5d9299d52e07a
/system/keymaster/authorization_set.cpp
|
| c3ac84f04c4d6d74fa36abfd1cc2e5ac763a8af3 |
|
24-Jun-2015 |
Shawn Willden <swillden@google.com> |
Rename keymaster tag types to clarify that integers are unsigned.
Bug: 22008538
Change-Id: I096cd977b34e9767845aaeece2da5f04c7fc86fe
/system/keymaster/authorization_set.cpp
|
| 0f906ec40f6ade7955c6b967ea522aade54ea2e4 |
|
20-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add buffer wrap checks and disable throwing of std::bad_alloc.
Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.
A handful of throwing news remain, but only in places where a crash on
failure is appropriate.
In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.
Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
/system/keymaster/authorization_set.cpp
|
| b5508298cdb1d42eaf8c81aa8a6ac2cbfdeef3c7 |
|
18-Jun-2015 |
Shawn Willden <swillden@google.com> |
Update KeymasterEnforcement.
This brings KeymasterEnforcement up to date and cleans it up, making the
code more consistent with the rest of keymaster. It also makes it
possible to use from Trusty, by virtualizing some time-related functions
that don't work the same in Trusty-land.
Bug: 19511945
Change-Id: I1141c953f227f3ef8a78751d9f04bf4e4922d1f5
/system/keymaster/authorization_set.cpp
|
| bf0679a97499f92abc664179ddb8c1e3974f5c85 |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Make AuthorizationSet interoperate with keymaster_key_param_set_t
Change-Id: Ia9586684f8abd5678f8fb07daf262dc9696f665e
/system/keymaster/authorization_set.cpp
|
| b6837e7a62a1192e33beef586282812239ee8b28 |
|
16-May-2015 |
Shawn Willden <swillden@google.com> |
Remove references to Google in Android keymaster reference implementation.
Change-Id: I05de61353fc806b90232fab7c1d1cf76aefa35fc
/system/keymaster/authorization_set.cpp
|
| edb7994f7d5764fcf06188dc005743f4209deb0f |
|
08-May-2015 |
Shawn Willden <swillden@google.com> |
Enforce purpose checking on keymaster operations.
Bug: 20917242
Change-Id: Ifd1d64e67f85ee42caae768c4512804bbbe20ad0
/system/keymaster/authorization_set.cpp
|
| 82114e7cbf97f65348d32b2685dd52427525146d |
|
16-Apr-2015 |
Shawn Willden <swillden@google.com> |
Fix serialization and deserialization of LONG_REP tags.
Change-Id: I473e4f5b2b3dfb9451a019d464314f82806cd137
/system/keymaster/authorization_set.cpp
|
| f01329d8692edde9a9ffb88f29f5d684eab481e2 |
|
12-Mar-2015 |
Shawn Willden <swillden@google.com> |
Improve error reporting and logging.
Bug: 19603049
Bug: 19509317
Change-Id: I041c973802e6c567adc5b1f280fc5bac27ba28d6
/system/keymaster/authorization_set.cpp
|
| eb63b9799eadcaa6ef206f8b804d7432e0dab14a |
|
14-Mar-2015 |
Shawn Willden <swillden@google.com> |
Add support for KM_TAG_USER_SECURE_ID.
Bug: 19511945
Change-Id: I629ab2c47ee6d42de20a963ef283e330364c8ee7
/system/keymaster/authorization_set.cpp
|
| b58dcde804dc9f69f89c620592b910083f32b01c |
|
02-Mar-2015 |
Shawn Willden <swillden@google.com> |
Make AuthorizationSet handle null initializers safely.
Change-Id: Ic58bb779c8cb30828ec9f57a1bb5bfe44c59a074
/system/keymaster/authorization_set.cpp
|
| 2c242009007a38b5c8003137fb8ba5a1fdb73b70 |
|
27-Feb-2015 |
Shawn Willden <swillden@google.com> |
Add AuthorizationSetBuilder.
Actually move it from google_keymaster_test, where it was called
ParamBuilder. This is a generally-useful tool.
Change-Id: I07200cdf2e5628289d9e544af02efe519ca124d3
/system/keymaster/authorization_set.cpp
|
| 1fa5d591fe6807665092753a5628d8d470888da4 |
|
14-Jan-2015 |
Shawn Willden <swillden@google.com> |
Add an AuthorizationSet method to count tag instances.
Change-Id: Ibaf05fd8061db9155cd5ecc7318c6031990d290e
/system/keymaster/authorization_set.cpp
|
| dfa1c030e941cba4e66b362854d84b19298353c9 |
|
07-Feb-2015 |
Shawn Willden <swillden@google.com> |
Add AAD support to AES OCB.
Also add OCB test vectors.
Change-Id: I33074bfea142aab334916c4567f92a6645fcab9f
/system/keymaster/authorization_set.cpp
|
| cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9a |
|
22-Jan-2015 |
Shawn Willden <swillden@google.com> |
Small enhancements to AuthorizationSet, to support softkeymaster
Change-Id: I09105b52c3542c11d2333c7788402c707373b028
/system/keymaster/authorization_set.cpp
|
| 941d1c4ad4422a796d90010191c11aef0580295e |
|
11-Dec-2014 |
Shawn Willden <swillden@google.com> |
Prevent GenerateKeyResponse from adding tags to created keys.
This change was already reviewed, merged and reverted, so I'm skipping
the review step this time.
Change-Id: I85ef23050ee0beb0eb8ab7d4db4e3b9c40d1fe81
/system/keymaster/authorization_set.cpp
|
| 1834d5f82a7ad5884c184fd22c702ac9d915af45 |
|
08-Dec-2014 |
Shawn Willden <swillden@google.com> |
Remove redundant NULL checks on calls to memset_s.
This change was already reviewed, merged and reverted, so I'm skipping
the review step this time.
Change-Id: I6f7ecb71fc03b9a821c81e1bc0f54952225d9da8
/system/keymaster/authorization_set.cpp
|
| 2dbe752a441cf8487b9b81772271e5abd18d0475 |
|
20-Jan-2015 |
Shawn Willden <swillden@google.com> |
Revert "Remove redundant NULL checks on calls to memset_s."
This reverts commit 356f6d4cf3d236e375a84e24b11359a5c1f1081f.
/system/keymaster/authorization_set.cpp
|
| 1f286a1072092f256b89fc2fa55504a1f53dd961 |
|
20-Jan-2015 |
Shawn Willden <swillden@google.com> |
Revert "Prevent GenerateKeyResponse from adding tags to created keys."
This reverts commit 7093570a8c71b9ffb350c6aab0dbafb59c419189.
/system/keymaster/authorization_set.cpp
|
| 7093570a8c71b9ffb350c6aab0dbafb59c419189 |
|
11-Dec-2014 |
Shawn Willden <swillden@google.com> |
Prevent GenerateKeyResponse from adding tags to created keys.
Change-Id: I1ae9f4ed8b01c3fff1a525b89c82ba58eb67f487
/system/keymaster/authorization_set.cpp
|
| 356f6d4cf3d236e375a84e24b11359a5c1f1081f |
|
08-Dec-2014 |
Shawn Willden <swillden@google.com> |
Remove redundant NULL checks on calls to memset_s.
Change-Id: I04ef8e2bc640a1a6ef7fe32b37b4d84313ae20af
/system/keymaster/authorization_set.cpp
|
| 149fd6f91fc769721f1a9da592554637d255ef4a |
|
18-Sep-2014 |
Shawn Willden <swillden@google.com> |
Remove dead code.
Change-Id: Idff3ea217df73deec37090551dfdbd80308fb780
/system/keymaster/authorization_set.cpp
|
| 98d9b92547a9a7553b99e3e941a4175926f95b62 |
|
26-Aug-2014 |
Shawn Willden <swillden@google.com> |
Reorganize system/keymaster.
This CL moves the includes that should be exported to include/ and
removes the trusty-specific code (some of which is moving to
hardware/google and some of which is moving to the trusty tree.)
Change-Id: Ie4fabf6b5c5f36b50c2f5ff356548ca2e9140fcb
/system/keymaster/authorization_set.cpp
|
| f2282b3c6690ccfaa7878886f01693ef4f0b3bed |
|
25-Aug-2014 |
Shawn Willden <swillden@google.com> |
Add some "fuzzing" tests for deserialization, and fixes for all of the
problems discovered.
Change-Id: I050344f6c6d0a19b7f3304d23729b4ca71c05042
/system/keymaster/authorization_set.cpp
|
| 62de26672193373972f2ce968b51cf8335f118f9 |
|
20-Aug-2014 |
Shawn Willden <swillden@google.com> |
Trusty test app.
Note that this code is in the wrong place. The right place is still
begin created so I'm putting them here for now. We'll move them when
it's ready.
Change-Id: Iab7384a531fd4a935dbeef0aebf2652eb06f6e03
/system/keymaster/authorization_set.cpp
|
| 437fbd195e7de57b7dc0c449c04458bd90ef50de |
|
20-Aug-2014 |
Shawn Willden <swillden@google.com> |
Add key importing, RSA only.
Change-Id: I639e797939a28b2b2a815541c9926dc194657c54
/system/keymaster/authorization_set.cpp
|
| 370121346777e13437c275fbe7a975d899cc325c |
|
19-Aug-2014 |
Shawn Willden <swillden@google.com> |
Added AuthorizationSet push_back method that takes a set.
This is needed for some key refactoring work. Also did some
AuthorizationSet refactoring here.
Change-Id: I681a2793838c1d68b22dc2a39258c30d7ab117bc
/system/keymaster/authorization_set.cpp
|
| 172f8c9be706e27f43022063bbc7f4b0177583ac |
|
17-Aug-2014 |
Shawn Willden <swillden@google.com> |
Housekeeping CL.
Make variable names and formatting more consistent. Also, add doxygen comments to Serializable.
Change-Id: I24ff138611111acf96112be74a04cc35f04908e0
/system/keymaster/authorization_set.cpp
|
| ebf627f0b50c0979e6cf53668464297703371eba |
|
12-Aug-2014 |
Shawn Willden <swillden@google.com> |
Allow building tests with Clang, and fix some bugs Clang diagnosed.
Change-Id: Ie213deadabdb9c84d4ea1d2f69b1beaa87165717
/system/keymaster/authorization_set.cpp
|
| 7636471bd1c553ac179f0dddc17133491d0e1faf |
|
12-Aug-2014 |
Shawn Willden <swillden@google.com> |
Implement GetKeyCharacteristics.
Still need to add serialization to the messages.
Change-Id: I572c48474bf4d4f553d53cad475b57fa8937a02a
/system/keymaster/authorization_set.cpp
|
| 74aff357261879dfa8366528a42c59b042c7bd05 |
|
11-Aug-2014 |
Shawn Willden <swillden@google.com> |
Implement and use secure memset to clear sensitive buffers.
Ordinary memset can be optimized away, leaking sensitive data to other
processes.
Change-Id: If4b51e342ef1f21d7e5fa8907bb0534b17bf295b
/system/keymaster/authorization_set.cpp
|
| 834e80747cbb960f8a4028c5c8604bf5218ecdb9 |
|
10-Aug-2014 |
Shawn Willden <swillden@google.com> |
Improve authorization_set test coverage.
Change-Id: I8dd1830db8c19be07cef768c63c9ecfa3e16ae21
/system/keymaster/authorization_set.cpp
|
| 8d336ae10df66da4c0433f17c2d42e85baea32c5 |
|
09-Aug-2014 |
Shawn Willden <swillden@google.com> |
Change authorization set serialization approach to ensure that 32 vs 64
bit size and alignment differences don't cause problems.
Change-Id: I4a308cfac782161db2f1456adb2d6a56537e61f1
/system/keymaster/authorization_set.cpp
|
| 58e1a5486219a1be9264d4e863a9dd3e393906c3 |
|
09-Aug-2014 |
Shawn Willden <swillden@google.com> |
Eliminate in-place serialization.
Not doing in-place serialization will result in greater heap
consumption, but eliminates many alignment-related issues. Given more
time, I'd prefer to solve the alignment issues by computing and
inserting appropriate padding, but we don't have the time.
Change-Id: I86e4bdf57263db26c73372ae2963f21c5f5f00aa
/system/keymaster/authorization_set.cpp
|
| 5ada7b6c525d2bfd5b556a698ccb11db23e052bb |
|
29-Jul-2014 |
Shawn Willden <swillden@google.com> |
Add AuthorizationSet class and some supporting utils and a Makefile for
running tests on the dev machine.
Change-Id: I608e660854ace71409dd8bb5395d83dcfbf803c0
/system/keymaster/authorization_set.cpp
|