History log of /system/keymaster/aes_operation.h
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
34419130408d2a6dcadd7b0f1b6d2c9c4002bbac 09-Jun-2015 Shawn Willden <swillden@google.com> GCM tags in ciphertext, rather than in params.

Also, handle AAD correctly.

Bug: 21786749
Change-Id: I26a413f39daf3bd946ed494c7c3b5c6f559fb30b
/system/keymaster/aes_operation.h
0f39256c68dc689b2eb8b604c4d39f17b9300363 02-Jun-2015 Shawn Willden <swillden@google.com> Add AES-GCM mode.

Bug: 19919114
Change-Id: I27efed097efbd93d587a50f5d82fad80a96e7527
/system/keymaster/aes_operation.h
ded8e7d0ad241fc0a930dbebbd9f2e2bf4e929a2 01-Jun-2015 Shawn Willden <swillden@google.com> Pass output params down to operations.

Change-Id: Ibd6956f6b8ef42f272d922050a7e5da3d78cffb7
/system/keymaster/aes_operation.h
0629810b145187575bc26c910dded0d24c64569d 26-May-2015 Shawn Willden <swillden@google.com> Another refactor, deleting AbstractFactoryRegistry.

I should have known better than to make these singletons to begin
with. Globals create problems. This undoes that mistake.

Change-Id: Idf61d5f72e3c34b5c4ddb27cc94b05f506561743
/system/keymaster/aes_operation.h
0cb6942d3efb6c056f96321c82a4b3d86af601d6 26-May-2015 Shawn Willden <swillden@google.com> Revert "Revert "Large refactor to move context out of AndroidKeymaster.""

This reverts commit 13fbe3e93247943c26e7ca2ed27b6d650282b8bf.

Bug: 20912868, 19799085
Change-Id: Iadd6ce5cbe94956c2a2fe277f1bf5b108e4bcf57
/system/keymaster/aes_operation.h
13fbe3e93247943c26e7ca2ed27b6d650282b8bf 23-May-2015 Shawn Willden <swillden@google.com> Revert "Large refactor to move context out of AndroidKeymaster."

This reverts commit 8ba2a043f0d44ad3f58d4af518f9391c03eca9c3.

I need to update the Volantis non-secure code in sync. Reverting while I get that done.

Change-Id: I0fb9f928e7e624ad678050a04bb873b43b1c9a48
/system/keymaster/aes_operation.h
8ba2a043f0d44ad3f58d4af518f9391c03eca9c3 18-May-2015 Shawn Willden <swillden@google.com> Large refactor to move context out of AndroidKeymaster.

AndroidKeymaster made a number of assumptions about its context that are
really only valid for TEE-based usage. In addition, KeyFactory made
some similarly TEE-focused assumptions about key blob creation and
parsing.

Both concerns have been moved to a new KeymasterContext class, which is
responsible for building and parsing key blobs in a manner appropriate
for the context in which AndroidKeymaster is running, as well as
providing other context-specific services, such as random number
generation.

In addition, the refactor reduces the need for the KeyBlob and
UnencryptedKeyBlob classes, which encode too many assumptions about blob
formatting and encryption, to the point that they can be removed and
replaced by a handful of utility functions which are much cleaner and
more flexible.

How to review this CL:

I looked hard at breaking this up into smaller CLs, but it's mostly not
feasible. However, it's probably easier to approach it by starting with
the fundamental changes, and then looking at the cascade effects.

1. Look at keymaster_context.h. The core of the change was pulling this
set of features out of AndroidKeymaster. Note that the revised approach
to key blob creation does not involve the KeyBlob and UnencryptedKeyBlob
classes, but instead goes directly from raw key material plus ancillary
data (e.g. auth sets) to a serialized buffer ready to return to
keystore. The same is true in reverse direction for parsing key blobs.

2. Look at key.h. The revised KeyFactory GenerateKey, ImportKey and
LoadKey methods are essential. GenerateKey and ImportKey no longer
produce a Key object, because all that's needed is a returnable blob.
LoadKey produces a Key object, but it starts with raw key material,
rather than an UnencryptedKeyBlob. Also note the change to the Key
class; because Key objects are only created by LoadKey, when there's a
need to use a key, there's only one constructor.

3. Look at asymmetric_key.h, rsa_key.h and rsa_key.cpp. rsa_key.cpp
provides a good example of how the new structure works. GenerateKey and
ImportKey do all of the work necessary to produce an OpenSSL RSA key and
extract the internal representation (using EvpToKeyMaterial; defined in
asymmetric_key.h because it's the same for EC keys). Then, with the raw
key data in hand, they call KeymasterContext::CreateKeyBlob to wrap the
key data in a key blob that can be returned to the caller -- whatever
that wrapping means in the current context. There's a subtlety not
apparent here which is crucial to the rationale for the refactoring:
RsaKeyFactory uses KeymasterContext::get_instance to retrieve the
context, but key factories which depend on operating in a particular
context can use a different way to get their context object, which may
have a larger interface. RsaKeymaster0KeyFactory will do this.

4. Look at soft_keymaster_context. In
particular, SoftKeymasterContext::CreateKeyBlob and ParseKeyBlob.
CreateKeyBlob allocates authorization tags from key_description to
hw_enforced and sw_enforced, then encrypts the key material and
serializes it to a blob. This approach is compatible with the keys
softkeymaster has been producing, but I'm going to change it (post M),
because there's no reason to bother encrypting SW keys with a SW key.
ParseKeyBlob reverses the process to recover the unencrypted key
material and the auth lists. One debatable point was the decision to
implement BuildHiddenAuthorizations and SetAuthorizations here, since
all contexts will need something similar, and they really should all do
it the same. I may refactor later to pull that functionality up to
KeymasterContext; it will depend on what I learn implementing
TrustyKeymasterContext and HybridKeymasterContext (used for the
keymaster0 adapter).

5. Look at ocb_utils and auth_encrypted_key_blob. These contain the key
encryption and key blob serialization code which was formerly split
between AndroidKeymaster::SerializeKeyBlob, UnencryptedKeyBlob and
KeyBlob, now divided into separate encryption and serialization
utilities. Note the refactored key_blob_test.cpp, updated to use the
new utilities rather than UnencryptedKeyBlob.

6. Look at soft_keymaster_device.cpp. Since KeyBlob no longer exists to
provide a nice way to peer into a blob to extract the algorithm, for use
in determining how to parse the keymaster0 signing key params (which
come in as a void*, yuck), we now have to use get_key_characteristics to
recover the params. This was the right way all along; the device layer
should not depend on being able to parse key blobs.

7. The rest.

Bug: 20912868, 19799085
Change-Id: Ieb74b8da39974f674eb8baa959bde75011fdd2e8
/system/keymaster/aes_operation.h
6770635e8ba485102be7a629ba936d8f5cf3d3ab 28-Apr-2015 Shawn Willden <swillden@google.com> Diagnose erroneous caller nonce/IV.

Bug: 20127433
Change-Id: Ic8ec74daf4b732aea6a393fe5f0ed4abe9e6eef2
/system/keymaster/aes_operation.h
c47c88f1a9ec3fce5e8116b9b5572b58783f56d0 08-Apr-2015 Shawn Willden <swillden@google.com> Remove OCB Mode.

Change-Id: I8f804978208e2c8701bd52dc79b5597a307b7e7a
/system/keymaster/aes_operation.h
92b69a300beb364bfab57a16d1e965dcdf755d4a 14-Mar-2015 Shawn Willden <swillden@google.com> Fix delete/delete[] mismatch & check for failed alloc.

Change-Id: Ieb73e5cb11869436771bf463d41e5510d6b93507
/system/keymaster/aes_operation.h
7a62f5e84c579b85104fd617040a57b5dcb9fef2 10-Mar-2015 Shawn Willden <swillden@google.com> Handle AES CBC IVs via input/output params.

Change-Id: Idd98103943e661e0940f274c3b3342192d211438
/system/keymaster/aes_operation.h
dfa1c030e941cba4e66b362854d84b19298353c9 07-Feb-2015 Shawn Willden <swillden@google.com> Add AAD support to AES OCB.

Also add OCB test vectors.

Change-Id: I33074bfea142aab334916c4567f92a6645fcab9f
/system/keymaster/aes_operation.h
f0f68b976b0ffac10d3e0efddc5bee38fd9d1ea3 31-Dec-2014 Shawn Willden <swillden@google.com> Add AES ECB, CBC, OFB and CFB support.

Change-Id: I7a4e8eaa3be5f20e87ab1f16b0b6bfc1fa47b74c
/system/keymaster/aes_operation.h
567a4a04f43d35b785d50508e6459b01f2ab4d14 31-Dec-2014 Shawn Willden <swillden@google.com> Switch to using global logger

Change-Id: I7af02342320a9a431cd9845baaf5dbcf61d460c2
/system/keymaster/aes_operation.h
95e1382b75bab7d8b4cce3c1267fa23df2006957 16-Dec-2014 Shawn Willden <swillden@google.com> Refactor AesKey, extracting most functionality to SymmetricKey.

Symmetric key material handling is the same for all symmetric keys
(except, perhaps, DES if we want to handle parity bits correctly), so
move it into a common base.

Change-Id: I6ad5d35ce9020c1ae155bf0a8f2efe35674b1604
/system/keymaster/aes_operation.h
6dde87c27ec620c0962507b58ece3fbe94bbff02 11-Dec-2014 Shawn Willden <swillden@google.com> Add AES OCB decryption.

Also, refactor to extract functionality that will be common to all AEAD modes.

Change-Id: I4bcf12c9d2d464ab1af559c69031904ffae45e25
/system/keymaster/aes_operation.h
907c3015d0edf1e43cdc9e0bba0e3fc23dca8cfc 08-Dec-2014 Shawn Willden <swillden@google.com> Add support for AES OCB encryption.

This change was already reviewed, merged and reverted, so I'm skipping
the review step this time.

Change-Id: Ibc80bec7e47468d4eb668f1bd9a188e51cb7d567
/system/keymaster/aes_operation.h
29d898717bc48ca59cd3fb1e30efdad36f13ccec 20-Jan-2015 Shawn Willden <swillden@google.com> Revert "Add support for AES OCB encryption."

This reverts commit 5e251019d7402f4bf43b7acf287cf69372885f1b.
/system/keymaster/aes_operation.h
5e251019d7402f4bf43b7acf287cf69372885f1b 08-Dec-2014 Shawn Willden <swillden@google.com> Add support for AES OCB encryption.

Change-Id: I97ab46fdce972d29af261041c41cf38d6904e736
/system/keymaster/aes_operation.h