ba0d5d01bde427b7d7a22cec84cd9304c00b4e14 |
|
25-Apr-2016 |
Shawn Willden <swillden@google.com> |
Fix SoftKeymaster handling of EC curve specification. Keymaster2 should accept EC curve specification either by key size (as done in KM1) or with the new KM_TAG_EC_CURVE, filling in the other value if not specified, and validating that they match if both are provided. SoftKeymaster doesn't correctly implement this KM2 requirement. Bug: 28365747 Change-Id: I27d98b71730b69bb2f0c2543af6c027b1a5670f1
/system/keymaster/android_keymaster_test.cpp
|
c15af1910d8f451341d0068b5533816ace5defec |
|
10-Mar-2016 |
Shawn Willden <swillden@google.com> |
Implement key version binding. Change-Id: If0f3bc12380b8b65bf1e60d5d8d039eb972c8a15
/system/keymaster/android_keymaster_test.cpp
|
3609584c328ea66f95478dded394ad4697779450 |
|
10-Mar-2016 |
Shawn Willden <swillden@google.com> |
Correct attestation record. This CL updates the attestation record content and format to match the final version published in the keymaster2 implementation guide. Change-Id: I112c7557b1c650420fd2fad78c8ed3fc9e34f24e
/system/keymaster/android_keymaster_test.cpp
|
22dcdb75fc2d1aa9a25b9aadb65d4dcb31e8c647 |
|
03-Feb-2016 |
Shawn Willden <swillden@google.com> |
Add version, challenge and unique ID to attestation. Bug: 22914603 Change-Id: I5ad9a97dd1eebb45c05eeaa4ceccfebcf4b69e03
/system/keymaster/android_keymaster_test.cpp
|
86a0b87bcc77bd24cedbcdc82699414de7345030 |
|
28-Jan-2016 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Add attestation support to SoftKeymaster."" This reverts commit 0fc3ef6f2de4f2204f121e3080a17203bf847cae. Change-Id: I658ad32b281ab74d3beeee66794b31f193e6d404
/system/keymaster/android_keymaster_test.cpp
|
0fc3ef6f2de4f2204f121e3080a17203bf847cae |
|
28-Jan-2016 |
Shawn Willden <swillden@google.com> |
Revert "Add attestation support to SoftKeymaster." This reverts commit fc3cafd487e69c84d83444e1d129d0ab131c4e3d. Change-Id: I1fb38db044c4039be04d1f75fb89ca9a6404321f
/system/keymaster/android_keymaster_test.cpp
|
5dfdd6679189f5de34018f4f83ccde14a5ebfde3 |
|
28-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add attestation support to SoftKeymaster. am: fc3cafd487 am: 231a98f097 * commit '231a98f0977ce41778a50925ae3f8bf0749db608': Add attestation support to SoftKeymaster.
|
fc3cafd487e69c84d83444e1d129d0ab131c4e3d |
|
11-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add attestation support to SoftKeymaster. Bug: 22914603 Change-Id: I7650f1b691665bce3024556c2ea38e122c9cb2cf
/system/keymaster/android_keymaster_test.cpp
|
5c3e38b3f972125e36ef0540bde68c3dfb89f4e8 |
|
26-Jan-2016 |
Shawn Willden <swillden@google.com> |
Update unit tests to use keymaster2 interface. am: 1937c715b3 am: f7c4bdbd02 * commit 'f7c4bdbd025e6c20647ee5575d29bce144e1491e': Update unit tests to use keymaster2 interface.
|
b6179f4bec118299e89ce1b6ef6480570880afd9 |
|
26-Jan-2016 |
Shawn Willden <swillden@google.com> |
Set RSA PSS salt length equal to digest length. This is for compatibility with Bouncy Castle. Bug: 25770609 Change-Id: I2ada4d7b24711fc8d49a031ce04cbcf19fb949c0
/system/keymaster/android_keymaster_test.cpp
|
1937c715b39044e024e9eda98a09dee84142e9b2 |
|
06-Jan-2016 |
Shawn Willden <swillden@google.com> |
Update unit tests to use keymaster2 interface. We no longer test the keymaster1 interface. That's okay, because it will be gone shortly. Change-Id: Id30c2fcda5d535165a0081a783b2252c112e5474
/system/keymaster/android_keymaster_test.cpp
|
01d8f24c45067bc3d909e3aae9a72582f3c985a1 |
|
16-Nov-2015 |
Shawn Willden <swillden@google.com> |
Fix pass-through of deletion on wrapped KM0 and KM1. SoftKeymasterDevice was incorrectly directly sending deletion requests to wrapped hardware. In some cases the key blob passed in by SoftKeymasterDevice is a hardware blob encapsulated by a wrapper, and we need to remove the encapsulation before passing it on. Bug: 25676862 Change-Id: Ic315c6b08d9ec15aa0be8f28f485a221bc7f1135
/system/keymaster/android_keymaster_test.cpp
|
e9fb087a8245e26483e8865515c919c83ed84c5b |
|
23-Oct-2015 |
Shawn Willden <swillden@google.com> |
Return correct error from keymaster0engine for large RSA input Also, ensure that we always put some error on the OpenSSL error queue whenever a wrapped keymaster0 operation fails. Higher layers will look a the last entry on the queue and use it to determine what error code to return. Not putting any error on the queue means that those higher layers will get whatever error was last enqueued, making the result effectively random. Non-determinism bad. Bug: 25337630 Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
/system/keymaster/android_keymaster_test.cpp
|
b492f7082a7a95dc9360f40ea829c458f5d0b5a9 |
|
16-Oct-2015 |
Shawn Willden <swillden@google.com> |
Fix incorrect initializer in keymaster tests. Change-Id: Ic78b0fa12bda1cd361fd505e13002651861c72ef
/system/keymaster/android_keymaster_test.cpp
|
2ff74dcb3817ae32850e23e3a70bcf8cb274d442 |
|
28-Jul-2015 |
Shawn Willden <swillden@google.com> |
Do digesting, and sometimes padding, in SW when HW doesnt. The keymaster1 specification only requires HW modules to implement SHA256 out of the list of keymaster1 digest modes. That would force many keys to be software only, and would break legacy scenarios. This change uses SoftKeymasterDevice to front keymaster modules that don't implement the full suite of digests, quietly inserting KM_DIGEST_NONE and KM_PAD_NONE into key generation/import requests when necessary, then performing the digesting, and sometimes padding, in software, then delegating crypto operations to the hardware. This is only done for RSA and EC keys. Software digesting isn't possible for HMAC or AES-GCM keys. Note that this is not the complete fix for the bug. Some changes in keystore are also required, coming in another CL. Bug: 24873723 Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/android_keymaster_test.cpp
|
c0a63805e4f21e46cc533ec0938306ca997c9a2d |
|
30-Jul-2015 |
Shawn Willden <swillden@google.com> |
Left-pad messages when doing "unpadded" RSA operations. When RSA messages that are shorter than the key size, and padding is not applied, BoringSSL (sensbibly) refuses, because odds are very high that the caller is doing something dumb. However, this causes some (dumb) things that used to work to no longer work. This CL also fixes the error code returned when a message is signed or encrypted which is the same length as the public modulus but is numerically larger than or equal to the public modulus. Rather than KM_ERROR_UNKNOWN_ERROR, it now returns KM_ERROR_INVALID_ARGUMENT. Bug: 22599805 Change-Id: I99aca5516b092f3676ffdc6c5de39f2777e3d275
/system/keymaster/android_keymaster_test.cpp
|
df5eec89e97846edd3bda871e55dc03266476b62 |
|
30-Jul-2015 |
Shawn Willden <swillden@google.com> |
Merge "Revert "Revert "Report keymaster0 keys as hardware-backed, origin unknown.""" into mnc-dev
|
34f09c52b08e654b8b76d9796240a5104c13a4a8 |
|
24-Jul-2015 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Report keymaster0 keys as hardware-backed, origin unknown."" This reverts commit 0e0cea3bc8aea903a50c1ee18e9f3309e9f67515. Bug: 22511313 Change-Id: I9c31b8ef604d961e20652c69498324b9dfce5911
/system/keymaster/android_keymaster_test.cpp
|
5cf45028751471f79d9f8a390f64fe9412acd53a |
|
20-Jul-2015 |
Shawn Willden <swillden@google.com> |
Make NONE mean NONE only (not ANY) KM_DIGEST_NONE and KM_PAD_NONE have implicit meanings of "any digest" and "any padding", respectively, as well as the expected meanings of "no digest" and "no padding". This CL changes that so they mean only "no digest" and "no padding". Bug: 22556114 Change-Id: I7b0b4c079067d85ba1aa39ae7edf0c6b17a9a500
/system/keymaster/android_keymaster_test.cpp
|
3ac35814df71dce203c9b3cc1a937b178f7dc9c7 |
|
28-Jul-2015 |
Shawn Willden <swillden@google.com> |
Merge "Use minimum 20 bytes salt for RSA PSS." into mnc-dev
|
0e0cea3bc8aea903a50c1ee18e9f3309e9f67515 |
|
23-Jul-2015 |
Shawn Willden <swillden@google.com> |
Revert "Report keymaster0 keys as hardware-backed, origin unknown." This reverts commit 9972a539acb4d17368ee607465d61b48acd71bde. Change-Id: Id5beb9c8ae8f3b106adc5f5e62eca0194b926be8
/system/keymaster/android_keymaster_test.cpp
|
53488c665d57bf64ed7cf45b72599cff29c517c3 |
|
17-Jul-2015 |
Shawn Willden <swillden@google.com> |
Use minimum 20 bytes salt for RSA PSS. This is for compatibility with Bouncy Castle. Bug: 22492259 Change-Id: I753e5fd223404ba960b6a35862bbd20f519f369b
/system/keymaster/android_keymaster_test.cpp
|
9972a539acb4d17368ee607465d61b48acd71bde |
|
16-Jul-2015 |
Shawn Willden <swillden@google.com> |
Report keymaster0 keys as hardware-backed, origin unknown. Bug: 22511313 Change-Id: I699df8010e27a546b2186896890c0099bfb149ae
/system/keymaster/android_keymaster_test.cpp
|
33ab0389e908b98702806c746e7babc0d46eb452 |
|
08-Jul-2015 |
Shawn Willden <swillden@google.com> |
Add support for KM_TAG_MIN_MAC_LENGTH. HMAC and AES-GCM keys must be bound to a mininum MAC/tag length at creation, and operations may not specify a length smaller than the minimum, or provide a length smaller than the minimum during verification. Bug: 22337277 Change-Id: Id5ae2f4259045ba1418c28e9de8f4a47e67fd433
/system/keymaster/android_keymaster_test.cpp
|
7d05d88dc44b18e0350f7fe8d28c20f2f643bb80 |
|
10-Jul-2015 |
Shawn Willden <swillden@google.com> |
Use specified digest for RSA OAEP. Bug: 22405614 Change-Id: Ia5eb67a571a9d46acca4b4e708bb8178bd3acd0d
/system/keymaster/android_keymaster_test.cpp
|
0d061c80d06f94291568e725f9eb649962a80352 |
|
09-Jul-2015 |
Shawn Willden <swillden@google.com> |
Truncate too-long digests for keymaster 0 ECDSA sign operations BoringSSL doesn't pre-truncate too-long digests before calling the ECDSA sign operation via the ENGINE interface, and TrustyKeymaster is picky about accepting them. This means that trying to sign a message with, say, a 256-bit key and a 384-bit hash fails on Volantis. This CL also corrects an error in get_supported_digests for ECDSA, which was advertising support for MD5. BoringSSL doesn't support ECDSA with MD5 and we're not offering it in the JCA API, so the solution is simply not to advertise it and to return a better error code if it's requested anyway. Bug: 22355708 Change-Id: Iba2dad6953db7eda23951760b734f499a13c5191
/system/keymaster/android_keymaster_test.cpp
|
e23a2c91145e2294915e5d0cc5d7591c1aa82aca |
|
06-Jul-2015 |
Shawn Willden <swillden@google.com> |
Fix enforcement of block mode and MAC length on AES ops Bug: 22301168 Change-Id: I54b4efffa1786b08704dd6e785360870f155ed80
/system/keymaster/android_keymaster_test.cpp
|
5532a085818bdf27ede33c9199024b86023e5961 |
|
01-Jul-2015 |
Shawn Willden <swillden@google.com> |
Allow any padding mode to be used with keys with KM_PAD_NONE. Bug: 22229156 Change-Id: I5de66c3ed86244452e7776bff9523e35030713e9
/system/keymaster/android_keymaster_test.cpp
|
ebc99a15e324d9f1cfaf681a8c95676984f16f08 |
|
26-Jun-2015 |
Shawn Willden <swillden@google.com> |
Support creation and use of HMAC keys with KM_DIGEST_NONE KM_DIGEST_NONE should mean "any digest" when applied to HMAC keys, allowing any valid digest to be specified during begin() of an HMAC signature or verification operation. Bug: 22119295 Change-Id: I4698435f5d7aaf0a2f66b9c7aa4097f60c9c6eb3
/system/keymaster/android_keymaster_test.cpp
|
ada4850659d484dd5ece26dde73072bef16c1517 |
|
25-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add authorization enforcement to AndroidKeymaster. Note: Moving List.h into system/keymaster is unfortunate, but required to allow Trusty to use it. b/22088154 tracks cleaning this up. Bug: 19511945 Change-Id: Ia1dfe5fda5ea78935611b0a7656b323770edcbae
/system/keymaster/android_keymaster_test.cpp
|
2101e9e8215cce6da36d8d7382486737b68e8c93 |
|
24-Jun-2015 |
Shawn Willden <swillden@google.com> |
Handle ECDSA messages that may be a few bits longer than the key. Also fix an RSA error message. Bug: 22064177 Change-Id: If52b29a3e870e0318d9ecc0f124074a013cb491a
/system/keymaster/android_keymaster_test.cpp
|
0afa3c8a03fc817279bdf0f46abe3dc7a3fd53e1 |
|
22-Jun-2015 |
Shawn Willden <swillden@google.com> |
Require and handle digest for OAEP mode. Bug: 21998286 Change-Id: I03b21da6a71b7a7a01f3743f01925719191b0124
/system/keymaster/android_keymaster_test.cpp
|
d530305019e1ccc1e30a4f8edeb88db3d126e235 |
|
22-Jun-2015 |
Shawn Willden <swillden@google.com> |
Validate input sizes for RSA and ECDSA signing/verification ops. Bug: 21955742 Change-Id: I4385a6539229b174facd5f04ce0391e2e8c3608d
/system/keymaster/android_keymaster_test.cpp
|
294a2db0e5f2eb46d84e4f5c9ce25245ac474147 |
|
17-Jun-2015 |
Shawn Willden <swillden@google.com> |
Don't enforce purpose, digest or padding on public key operations Bug: 21877150 Change-Id: Iaf00c94aaca892a154aea7aa4e3828bfbd8d9630
/system/keymaster/android_keymaster_test.cpp
|
34419130408d2a6dcadd7b0f1b6d2c9c4002bbac |
|
09-Jun-2015 |
Shawn Willden <swillden@google.com> |
GCM tags in ciphertext, rather than in params. Also, handle AAD correctly. Bug: 21786749 Change-Id: I26a413f39daf3bd946ed494c7c3b5c6f559fb30b
/system/keymaster/android_keymaster_test.cpp
|
c7fe06da6dd4a7e5416a8b68a57ba563fbce72a0 |
|
11-Jun-2015 |
Shawn Willden <swillden@google.com> |
Restore support for old unversioned OCB-encrypted blobs. This support was inadvertently removed in a refactor. There aren't many of these keys around, since they were only created by pre-release verions of Nexus 9 software, but we'll support them anyway. Change-Id: I46c4e9a2866c02b8030d7aef97bb64c45441168b
/system/keymaster/android_keymaster_test.cpp
|
bfd9ed7f5c50cdfa310cb0f21c7706e99b780738 |
|
11-Jun-2015 |
Shawn Willden <swillden@google.com> |
Make KM_PAD_NONE and KM_DIGEST_NONE mean any padding or digest. Bug: 21777596 Change-Id: I3574156902c8e28b42f36462a9aef3f11ce938d3
/system/keymaster/android_keymaster_test.cpp
|
3e37f0a2c3ccd3606aed6dc4aea4a2c8c6cf7f55 |
|
03-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix unused variable issues Also adds -Wunused to bring gcc's -Werror inline with clang's to prevent similar build errors later. Bug:21583577 Change-Id: Ia051adbb3ea92a8ace914ad958a73348d70cca17
/system/keymaster/android_keymaster_test.cpp
|
ccb84e9118c6a89fedbb2be68bb629a0063eeda5 |
|
03-Jun-2015 |
Shawn Willden <swillden@google.com> |
Fix support of HW keymaster0 keys. Bug: 21593823 Change-Id: Id9ed06b1c6805b1cff36577910715eda7727eef4
/system/keymaster/android_keymaster_test.cpp
|
0f39256c68dc689b2eb8b604c4d39f17b9300363 |
|
02-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add AES-GCM mode. Bug: 19919114 Change-Id: I27efed097efbd93d587a50f5d82fad80a96e7527
/system/keymaster/android_keymaster_test.cpp
|
30160842424ee43690247a0ec4e2858d2bb5d694 |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add support for unpadded RSA encryption. Bug: 21499189 Change-Id: I895e566f769691f70f431b2ed139e0c94b0f6ab9
/system/keymaster/android_keymaster_test.cpp
|
2bf4ad32f195bd734e4d7e7d4ac52c051f182fbf |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Support all digests for RSA. Also switch to using the EVP APIs where possible for RSA ops. Change-Id: I092a5c7598073980d36ce5137cfe17f0499a10b9
/system/keymaster/android_keymaster_test.cpp
|
efbd7e432228cf1e65abb6d85dffa38ec03f7a26 |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add support for all digests for ECDSA. Also, switch to useing the EVP API rather than the ECDSA API. Bug: 21048758 Change-Id: I088b3332285ce2060cac5a7282ec42bea2fa5950
/system/keymaster/android_keymaster_test.cpp
|
6270aca8571399aca8ea538acd7386ddecdcc112 |
|
26-May-2015 |
Shawn Willden <swillden@google.com> |
Delegate ECDSA keys to keymaster0 in SoftKeymasterDevice. Bug: 20912868 Change-Id: If63899e3244aed45d939d0165e6d94a1caa9d220
/system/keymaster/android_keymaster_test.cpp
|
4f83b89b2bdb1dacfa1c208786e29c0cd66f0b15 |
|
26-May-2015 |
Shawn Willden <swillden@google.com> |
Fix broken ECDSA default key size test. Change-Id: I3b98c0e0463efcbe3d7498a2f71353ed669a11d9
/system/keymaster/android_keymaster_test.cpp
|
2beb628bfefae72fa6bb84a6235da7e3de532823 |
|
21-May-2015 |
Shawn Willden <swillden@google.com> |
Delegate RSA keys to keymaster0 in SoftKeymasterDevice. Bug: 20912868 Change-Id: I515a125f1247357d2cd9b4633c3b223590848093
/system/keymaster/android_keymaster_test.cpp
|
58427c44b9261035351d2eee604a299c0b46dbb4 |
|
20-May-2015 |
Shawn Willden <swillden@google.com> |
Make Keymaster1Test parameterizable. This enabled running the same test suite across different implementations. Bug: 20912868 Change-Id: Iaa2c4bcb38224d090aa54184a042375eb835ad60
/system/keymaster/android_keymaster_test.cpp
|
7bae132f732a73dc53b5ffc5e3eed0176e93a00c |
|
26-May-2015 |
Shawn Willden <swillden@google.com> |
Fix off-by-one error in PKCS#1 v1.5 encryption padding size. Change-Id: I0fdfe3223b351d4a064e5dac0aa5d732fa0ab073
/system/keymaster/android_keymaster_test.cpp
|
0cb6942d3efb6c056f96321c82a4b3d86af601d6 |
|
26-May-2015 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Large refactor to move context out of AndroidKeymaster."" This reverts commit 13fbe3e93247943c26e7ca2ed27b6d650282b8bf. Bug: 20912868, 19799085 Change-Id: Iadd6ce5cbe94956c2a2fe277f1bf5b108e4bcf57
/system/keymaster/android_keymaster_test.cpp
|
13fbe3e93247943c26e7ca2ed27b6d650282b8bf |
|
23-May-2015 |
Shawn Willden <swillden@google.com> |
Revert "Large refactor to move context out of AndroidKeymaster." This reverts commit 8ba2a043f0d44ad3f58d4af518f9391c03eca9c3. I need to update the Volantis non-secure code in sync. Reverting while I get that done. Change-Id: I0fb9f928e7e624ad678050a04bb873b43b1c9a48
/system/keymaster/android_keymaster_test.cpp
|
8ba2a043f0d44ad3f58d4af518f9391c03eca9c3 |
|
18-May-2015 |
Shawn Willden <swillden@google.com> |
Large refactor to move context out of AndroidKeymaster. AndroidKeymaster made a number of assumptions about its context that are really only valid for TEE-based usage. In addition, KeyFactory made some similarly TEE-focused assumptions about key blob creation and parsing. Both concerns have been moved to a new KeymasterContext class, which is responsible for building and parsing key blobs in a manner appropriate for the context in which AndroidKeymaster is running, as well as providing other context-specific services, such as random number generation. In addition, the refactor reduces the need for the KeyBlob and UnencryptedKeyBlob classes, which encode too many assumptions about blob formatting and encryption, to the point that they can be removed and replaced by a handful of utility functions which are much cleaner and more flexible. How to review this CL: I looked hard at breaking this up into smaller CLs, but it's mostly not feasible. However, it's probably easier to approach it by starting with the fundamental changes, and then looking at the cascade effects. 1. Look at keymaster_context.h. The core of the change was pulling this set of features out of AndroidKeymaster. Note that the revised approach to key blob creation does not involve the KeyBlob and UnencryptedKeyBlob classes, but instead goes directly from raw key material plus ancillary data (e.g. auth sets) to a serialized buffer ready to return to keystore. The same is true in reverse direction for parsing key blobs. 2. Look at key.h. The revised KeyFactory GenerateKey, ImportKey and LoadKey methods are essential. GenerateKey and ImportKey no longer produce a Key object, because all that's needed is a returnable blob. LoadKey produces a Key object, but it starts with raw key material, rather than an UnencryptedKeyBlob. Also note the change to the Key class; because Key objects are only created by LoadKey, when there's a need to use a key, there's only one constructor. 3. Look at asymmetric_key.h, rsa_key.h and rsa_key.cpp. rsa_key.cpp provides a good example of how the new structure works. GenerateKey and ImportKey do all of the work necessary to produce an OpenSSL RSA key and extract the internal representation (using EvpToKeyMaterial; defined in asymmetric_key.h because it's the same for EC keys). Then, with the raw key data in hand, they call KeymasterContext::CreateKeyBlob to wrap the key data in a key blob that can be returned to the caller -- whatever that wrapping means in the current context. There's a subtlety not apparent here which is crucial to the rationale for the refactoring: RsaKeyFactory uses KeymasterContext::get_instance to retrieve the context, but key factories which depend on operating in a particular context can use a different way to get their context object, which may have a larger interface. RsaKeymaster0KeyFactory will do this. 4. Look at soft_keymaster_context. In particular, SoftKeymasterContext::CreateKeyBlob and ParseKeyBlob. CreateKeyBlob allocates authorization tags from key_description to hw_enforced and sw_enforced, then encrypts the key material and serializes it to a blob. This approach is compatible with the keys softkeymaster has been producing, but I'm going to change it (post M), because there's no reason to bother encrypting SW keys with a SW key. ParseKeyBlob reverses the process to recover the unencrypted key material and the auth lists. One debatable point was the decision to implement BuildHiddenAuthorizations and SetAuthorizations here, since all contexts will need something similar, and they really should all do it the same. I may refactor later to pull that functionality up to KeymasterContext; it will depend on what I learn implementing TrustyKeymasterContext and HybridKeymasterContext (used for the keymaster0 adapter). 5. Look at ocb_utils and auth_encrypted_key_blob. These contain the key encryption and key blob serialization code which was formerly split between AndroidKeymaster::SerializeKeyBlob, UnencryptedKeyBlob and KeyBlob, now divided into separate encryption and serialization utilities. Note the refactored key_blob_test.cpp, updated to use the new utilities rather than UnencryptedKeyBlob. 6. Look at soft_keymaster_device.cpp. Since KeyBlob no longer exists to provide a nice way to peer into a blob to extract the algorithm, for use in determining how to parse the keymaster0 signing key params (which come in as a void*, yuck), we now have to use get_key_characteristics to recover the params. This was the right way all along; the device layer should not depend on being able to parse key blobs. 7. The rest. Bug: 20912868, 19799085 Change-Id: Ieb74b8da39974f674eb8baa959bde75011fdd2e8
/system/keymaster/android_keymaster_test.cpp
|
b6837e7a62a1192e33beef586282812239ee8b28 |
|
16-May-2015 |
Shawn Willden <swillden@google.com> |
Remove references to Google in Android keymaster reference implementation. Change-Id: I05de61353fc806b90232fab7c1d1cf76aefa35fc
/system/keymaster/android_keymaster_test.cpp
|