History log of /system/keymaster/include/keymaster/logger.h
Revision Date Author Comments
d599b15c0693950bdc72fb867872044fdc484ef5 28-Jul-2015 Shawn Willden <swillden@google.com> Do digesting, and sometimes padding, in SW when HW doesn't.

The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes. That would force
many keys to be software only, and would break legacy scenarios. This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.

This is only done for RSA and EC keys. Software digesting isn't
possible for HMAC or AES-GCM keys.

Note that this is not the complete fix for the bug. Some changes in
keystore are also required, coming in another CL.

Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/include/keymaster/logger.h
de7e66c3692073eb967f01cc8281441709701e2d 23-May-2015 Shawn Willden <swillden@google.com> Change handling of debug log statements in non-debug builds.

The previous way had a problem when used in statements like:

    if (foo)
        LOG_D(...);

When built without debugging, this became:

    if (foo)
        ;

Which is sort of okay, but the compiler complains. The new way also has
the advantage that the compiler always sees and checks the log
arguments. Given that it ends up compiling something like:

    do {
        if (0)
            Logger::Debug(...);
    } while (0);

It should optimize the entire block out, and should even discard the
literal string used for the format. So it's better all around.

Change-Id: I895141077f627a2d08dcb0d7d2d0799067a2c957
/system/keymaster/include/keymaster/logger.h
f35e8eea72e61a383bcbcbe204ff5628ae3bd4ac 17-Mar-2015 Shawn Willden <swillden@google.com> Remove obsolete keymaster logger methods.

Change-Id: I27415d026577b6e309071313303334d9470a5ce7
/system/keymaster/include/keymaster/logger.h
538b0654fd5096841e12da15271c74429a37be18 31-Dec-2014 Shawn Willden <swillden@google.com> Refactor logging, to stop passing Logger references everywhere.

Change-Id: I9380c21872710743413ca6a4340ae19f58b1e983
/system/keymaster/include/keymaster/logger.h
6f0b72fd8b0ea5c52d62dc5853318509b69db076 11-Sep-2014 Shawn Willden <swillden@google.com> Remove the keymaster::Logger::log() method and add debug().

Also, have the logger provide newlines, so every caller doesn't have to.

Change-Id: I9f009e7c2d5c686a0ca97e10daef92a846a57d9a
/system/keymaster/include/keymaster/logger.h
0a4df7e3a83a59e4a5abc3f605d7d7e9f636c682 29-Aug-2014 Shawn Willden <swillden@google.com> Add GoogleKeymaster implementation.

Squashed commit of the following:

commit 83804621f399f4bcab9281c0eecfcbefe56b054e
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 28 13:47:40 2014 -0600

Add more logging methods, to distinguish message priorities.

Change-Id: I2308af04eb699fb896d3e701a659945451304ddf

commit 2241bf042c54aa5099bbb99a76e9de0162b92d07
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 28 09:59:53 2014 -0600

Make keymaster_key_blob_t key_material const, to help prevent
accidental modification.

Change-Id: I505779ed677730d72c310fca1626b1093c71e90d

commit c0c85cf5104f698054d59b28c68f0461ebec2233
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 19:56:43 2014 -0600

Make GoogleKeymaster's logger public.

Change-Id: Idbe17e6b6ae7ab403d199323b8e20979a2e56c97

commit e46a43f403ba4fa66c505684ac173c1fa7c35584
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 10:35:36 2014 -0600

Add some test TODOs

Change-Id: Id209182f0d153d67dca09846be4df5ef02b74cf2

commit 81effc68a04810b76f0b10594d92df4ffbf35c6c
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 10:08:46 2014 -0600

Finish key import implementation.

This is the last bit of GoogleKeymaster that remained incomplete (for
the v0.3 functionality).

Change-Id: I27be52ae032883c004b2df21f0c7b229af512922

commit 368bc7749eaa2e1321d552e45a96d83b5500ba47
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 06:45:34 2014 -0600

Move key_blob.h in to include/keymaster, to export it.

Change-Id: If28db94840557e6ca3019b7bcf7b5f29f0ff6cf7

commit b3407024ccfec72831a76b9772a496ab81fc33ce
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 06:30:52 2014 -0600

Fix minor bug in operations.

Note that this bug isn't exposed by the v0.3 API, since it
doesn't allow multi-step signing/verification operations.

Change-Id: I18554e7e1017ed83d3708c134f72cf1d34857437

commit 960dd0749380857988c07d40feae7f252bb2209a
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 26 17:24:28 2014 -0600

Define remaining commands.

Change-Id: Ic68f172efa2b401bee1dcf14cbb94f72b86b31ae

commit 98d9b92547a9a7553b99e3e941a4175926f95b62
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 26 08:14:10 2014 -0600

Reorganize system/keymaster.

This CL moves the includes that should be exported to include/ and
removes the trusty-specific code (some of which is moving to
hardware/google and some of which is moving to the trusty tree.)

Change-Id: Ie4fabf6b5c5f36b50c2f5ff356548ca2e9140fcb

commit 407d41282d6b0a7f2d6e2826d44a58b016a5d844
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 25 16:49:13 2014 -0600

Implement TrustyKeymaster key generation, plus tests.

Change-Id: I085be101c735d136e7d5b2915a9510102722e695

commit 2f3be368e5ad911cc0b014421dd3682130260ffc
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 25 11:31:39 2014 -0600

Add the beginnings of logging infrastructure.

Change-Id: Ic36134402bfbb098d2242c463a3b4265d1d65209

commit f2282b3c6690ccfaa7878886f01693ef4f0b3bed
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 25 06:49:54 2014 -0600

Add some "fuzzing" tests for deserialization, and fixes for all of the
problems discovered.

Change-Id: I050344f6c6d0a19b7f3304d23729b4ca71c05042

commit b663b61f00b1a51a2535520aa726f788fffdf34b
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 18:54:45 2014 -0600

Fix OTE bug for keymaster.

Change-Id: I71d222ad9ed54098492dcc7b7f16d7c72d42923d

commit 2a4a48d51a057b33f83f09efae09bb354ec6a801
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 16:04:53 2014 -0600

Remove unused variable.

Change-Id: I6327f2092c23bd7aaae8aeda48915c3ac9259080

commit 5acebf56729f1307c4971a601ab38f6a320d0562
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 15:46:35 2014 -0600

Allow GoogleKeymaster caller to specify creation time, since Trusty can't.

Change-Id: Ia843704da726521f36ff4b954dcc6c1b6286f7be

commit 81d3b4fe9a86bae8bac2fb98877af04f39d11250
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 12:16:26 2014 -0600

Modify to be keymaster v0.3 compatible and add some debugging output.

Change-Id: Idc3e15b1af57fa9ddbdfc3a46f32f100b146fd83

commit 235cd7e70389c42ce26b832ad8ddcfefbc812fb7
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 20 17:37:08 2014 -0600

Remove Android.mk to unbreak AOSP build.

Change-Id: I9f78fee36874ff3681b3cc55c2081c1cae8cb343

commit 62de26672193373972f2ce968b51cf8335f118f9
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 20 14:14:49 2014 -0600

Trusty test app.

Note that this code is in the wrong place. The right place is still
being created so I'm putting them here for now. We'll move them when
it's ready.

Change-Id: Iab7384a531fd4a935dbeef0aebf2652eb06f6e03

commit 437fbd195e7de57b7dc0c449c04458bd90ef50de
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 20 11:59:49 2014 -0600

Add key importing, RSA only.

Change-Id: I639e797939a28b2b2a815541c9926dc194657c54

commit 060e9b04445f91db31b2b412f944aa402b9e1a8d
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 20:27:45 2014 -0600

Make keymaster_defs.h compatible with v0.3 keymaster.h.

Change-Id: I53ae63c9fec3cc7131a1f1373e8bf4448252cc79

commit 3d3e1d388480a2c242a39f4bc5adf000728c8da5
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 16:28:25 2014 -0600

Add *.massif to .gitignore.

Change-Id: I77be33411f2cef6e0a2046489a8c153985b8040f

commit f268d742dbefe0e84b4046db7669c4ffbc110f7d
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 15:36:26 2014 -0600

Refactor export to use new key infrastructure, and work with all key types.

Change-Id: Ie1f621f9db855665d57cde93c24881415de33ca2

commit d67afae61f822463120c36fea846362450dd7d71
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 12:36:27 2014 -0600

Refactor key and operation details.

Change-Id: I80267e6184955ecd98b08ceab91f4afd50c67614

commit 370121346777e13437c275fbe7a975d899cc325c
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 08:15:57 2014 -0600

Added AuthorizationSet push_back method that takes a set.

This is needed for some key refactoring work. Also did some
AuthorizationSet refactoring here.

Change-Id: I681a2793838c1d68b22dc2a39258c30d7ab117bc

commit ffd790c9846b93d0af7b28b1998a9f8f8aa076a4
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 21:20:06 2014 -0600

Add key export, RSA only. (rileyspahn@google.com implemented).

Change-Id: I55c3497a1dc5360bfc8518a388b73776388a47e4

commit 5ac2f8ff7c82d2b5c2dd17273ce58c7806df0ec2
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 15:33:10 2014 -0600

Add ECDSA signing and verification.

Change-Id: Ic5345ebe6e79e3ee764c3a729dc551c61b87c79b

commit c3864dde9ffa9a52bb60802664e1cab1de5c0287
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 15:20:01 2014 -0600

Add ECDSA key generation.

Change-Id: I68a1d46e617124a8ccb7a4b2c09baae89603a5e0

commit 5b41ca2d7f106cc49315a8ecbac2f51fb445fb57
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 14:29:14 2014 -0600

Implement DSA signing and verification.

Change-Id: I22a1c4518bcd393d1183e10a906600488ec8e9c8

commit 61644f3d8a7f2374fd579cdeb76e841d4bc0efe0
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 13:43:14 2014 -0600

Small refactor of signing/verification tests, to facilitate DSA testing.

Change-Id: I68a8f83d85993f320a0e05e39cefc56bb2823b7d

commit 28e41475a2559824a0f3f2c850ed92a65c586f95
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 13:35:22 2014 -0600

Add DSA key generation.

Also refactor RSA key generation a bit.

Change-Id: I838ff58210f0a3be41f04c7e945e998751fca9f5

commit 802bb29cc190fb610367fdb7236ef9c2e93826f2
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 10:46:29 2014 -0600

Refactor GoogleKeymaster to move openssl RSA key-generation operations
to RsaOperation.

Change-Id: Id6c66bd431cf3f8895113108027920ffafef578b

commit da8485ea42e53839579575ec9fc2b49f7cf1a1f9
Author: Shawn Willden <swillden@google.com>
Date: Sun Aug 17 08:00:01 2014 -0600

Flesh out all remaining message structures, with serialization.

Still didn't implement rescoping messages, since they're not relevant
for 0.3.

Change-Id: Ia05a04349ff0329557b01d14f6c501540cc74439

commit 172f8c9be706e27f43022063bbc7f4b0177583ac
Author: Shawn Willden <swillden@google.com>
Date: Sun Aug 17 07:50:34 2014 -0600

Housekeeping CL.

Make variable names and formatting more consistent. Also, add doxygen comments to Serializable.

Change-Id: I24ff138611111acf96112be74a04cc35f04908e0

commit 43e999eed16a78cb6d48f1dfd11b33dee4d80a1a
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 13 13:29:50 2014 -0600

Add RSA verification.

Change-Id: Ie9ac37dba7ead62b0ca17054bbf6d2744cea5946

commit 1615f2ecf2537db7b302eb9b5be4394f711fd815
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 13 10:37:40 2014 -0600

Add RSA signing support.

Change-Id: Icdcbd978d58c8764618b995571d1e8b649959ef0

commit 60ebf8e49977683bc8cabe4609ce8b0405db7711
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 12 11:43:10 2014 -0600

Change to enable KEYMASTER_NAME_TAGS globally.

Selectively changing the size of the TypedTag structure causes subtle
problems when inlining is disabled (e.g. -O0).

Change-Id: I7f87a5a34eb574b0adaa8492f51fbcf2b172b4ca

commit ebf627f0b50c0979e6cf53668464297703371eba
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 12 11:15:29 2014 -0600

Allow building tests with Clang, and fix some bugs Clang diagnosed.

Change-Id: Ie213deadabdb9c84d4ea1d2f69b1beaa87165717

commit 7b83f18c17b5820f8fcc177fc58eb34cf7ef6d05
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 12 07:35:37 2014 -0600

Add .gitignore.

Change-Id: I08e9599c699debaddf815e9f65a781920c241e47

commit 7636471bd1c553ac179f0dddc17133491d0e1faf
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 11 17:48:04 2014 -0600

Implement GetKeyCharacteristics.

Still need to add serialization to the messages.

Change-Id: I572c48474bf4d4f553d53cad475b57fa8937a02a

commit 74aff357261879dfa8366528a42c59b042c7bd05
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 11 14:08:31 2014 -0600

Implement and use secure memset to clear sensitive buffers.

Ordinary memset can be optimized away, leaking sensitive data to other
processes.

Change-Id: If4b51e342ef1f21d7e5fa8907bb0534b17bf295b

commit 39b970bea81461af88f83e1c2329eb1b0f4d2e73
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 11 09:11:21 2014 -0600

Handle "hidden" authorization tags correctly.

Change-Id: I9fa18f8ab465a2faa0f358e12f72daf18ca02fe7

commit 834e80747cbb960f8a4028c5c8604bf5218ecdb9
Author: Shawn Willden <swillden@google.com>
Date: Sat Aug 9 16:38:53 2014 -0600

Improve authorization_set test coverage.

Change-Id: I8dd1830db8c19be07cef768c63c9ecfa3e16ae21

commit 8d336ae10df66da4c0433f17c2d42e85baea32c5
Author: Shawn Willden <swillden@google.com>
Date: Sat Aug 9 15:47:05 2014 -0600

Change authorization set serialization approach to ensure that 32 vs 64
bit size and alignment differences don't cause problems.

Change-Id: I4a308cfac782161db2f1456adb2d6a56537e61f1

commit 4db3fbdda292c0c3120dfe160c1b49670aa18600
Author: Shawn Willden <swillden@google.com>
Date: Fri Aug 8 22:13:44 2014 -0600

Refactor and expand KeyBlob capabilities.

KeyBlob's responsibilities have grown, it makes sense to make it a
first-class class, and to use the Serializable infrastructure.

Change-Id: I76a8dac5b4b4fe47d6677c27ab9eba2755f02dfe

commit 58e1a5486219a1be9264d4e863a9dd3e393906c3
Author: Shawn Willden <swillden@google.com>
Date: Fri Aug 8 21:58:29 2014 -0600

Eliminate in-place serialization.

Not doing in-place serialization will result in greater heap
consumption, but eliminates many alignment-related issues. Given more
time, I'd prefer to solve the alignment issues by computing and
inserting appropriate padding, but we don't have the time.

Change-Id: I86e4bdf57263db26c73372ae2963f21c5f5f00aa

commit 301646f55214ed693e79c7869d54033a74641907
Author: Shawn Willden <swillden@google.com>
Date: Fri Aug 8 21:44:10 2014 -0600

Correct the rest of the #include guard defines.

Change-Id: I8f2bf58f2bebb3f06ae4cd0f90f79d85acd42155

commit b10f3b26af1e3b382d9ef361b3eb5279d16a9c05
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 7 08:11:51 2014 -0600

Correct #include guard defines.

Change-Id: Ie05c78490f6f3fe8c194cc00c0c87e117508054d

commit 3879f8641d044cf53f4163dc5c46a1399006eb03
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 6 14:40:48 2014 -0600

Fix inclusion error.

Change-Id: I8f49b7e1547575e0bc4616836ed00d6e02c22879

commit f5bebad1ce284d8df37d3469f6b93ecc1522741c
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 6 14:17:53 2014 -0600

Put keymaster_defs.h in system/keymaster.

This file will eventually live in hardware/libhardware/include/hardware,
but for now it's convenient to have it here.

Change-Id: Ia25b59f905db5a54c2e69b5fb745dbd08d0fe303

commit 128ffe07c723d8ffe2d5ea528ba5f64436c8a55a
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 6 12:31:33 2014 -0600

Add GoogleKeymaster. Very incomplete.

Change-Id: I53542c7132bd1a04afee93f3247b88ed7ed0bedc

commit 5ada7b6c525d2bfd5b556a698ccb11db23e052bb
Author: Shawn Willden <swillden@google.com>
Date: Tue Jul 29 09:44:17 2014 -0600

Add AuthorizationSet class and some supporting utils and a Makefile for
running tests on the dev machine.

Change-Id: I608e660854ace71409dd8bb5395d83dcfbf803c0

commit 7a70abbf29293b30bb1e7ed3a58deb40f8774a53
Author: Bill Yi <byi@google.com>
Date: Mon Jul 28 21:38:52 2014 +0000

Initial empty repository

Change-Id: I199c7a0ca076cfdaba1fecf6109d573f3dca5801
/system/keymaster/include/keymaster/logger.h