History log of /system/keymaster/keymaster0_engine.cpp
Revision Date Author Comments
01d8f24c45067bc3d909e3aae9a72582f3c985a1 16-Nov-2015 Shawn Willden <swillden@google.com> Fix pass-through of deletion on wrapped KM0 and KM1.

SoftKeymasterDevice was incorrectly directly sending deletion requests
to wrapped hardware. In some cases the key blob passed in by
SoftKeymasterDevice is a hardware blob encapsulated by a wrapper, and we
need to remove the encapsulation before passing it on.

Bug: 25676862
Change-Id: Ic315c6b08d9ec15aa0be8f28f485a221bc7f1135
/system/keymaster/keymaster0_engine.cpp
fabacaf3e6019804cc8a98a2b8296be1d0125519 26-Mar-2015 Thai Duong <thaidn@google.com> ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves.

Change-Id: I5af3215e96bb015049574aa18327cd7f7499dbd3
/system/keymaster/keymaster0_engine.cpp
1181779c5e6c8627b94067d86db6a2f7d5309674 23-Nov-2015 Shawn Willden <swillden@google.com> Revert "ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves."

This reverts commit 41998988331ff38e922a59ef008896beb3145ba0.

Change-Id: Ifed6b4e5a69310770373a396271f02da5c9d8934
/system/keymaster/keymaster0_engine.cpp
41998988331ff38e922a59ef008896beb3145ba0 26-Mar-2015 Thai Duong <thaidn@google.com> ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves.

Change-Id: Iea5877eba0a9b13610d3d1b33d04b5657edc3550
/system/keymaster/keymaster0_engine.cpp
e9fb087a8245e26483e8865515c919c83ed84c5b 23-Oct-2015 Shawn Willden <swillden@google.com> Return correct error from keymaster0engine for large RSA input

Also, ensure that we always put some error on the OpenSSL error queue
whenever a wrapped keymaster0 operation fails. Higher layers will look
at the last entry on the queue and use it to determine what error code to
return. Not putting any error on the queue means that those higher
layers will get whatever error was last enqueued, making the result
effectively random. Non-determinism bad.

Bug: 25337630
Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
/system/keymaster/keymaster0_engine.cpp
2ff74dcb3817ae32850e23e3a70bcf8cb274d442 28-Jul-2015 Shawn Willden <swillden@google.com> Do digesting, and sometimes padding, in SW when HW doesn't.

The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes. That would force
many keys to be software only, and would break legacy scenarios. This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.

This is only done for RSA and EC keys. Software digesting isn't
possible for HMAC or AES-GCM keys.

Note that this is not the complete fix for the bug. Some changes in
keystore are also required, coming in another CL.

Bug: 24873723
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/keymaster0_engine.cpp
80892075fbdb636d7e5cf3a52aa373591d443cee 01-Oct-2015 Adam Langley <agl@google.com> system/keymaster: remove BORINGSSL_201509 support.

The BORINGSSL_201509 define was used to make updating BoringSSL in
external/boringssl less painful. It allowed code to compile with either
the old BoringSSL (which didn't define BORINGSSL_201509) or with the new
(which does).

Now that the new version has landed, this change removes that support.

Change-Id: I19e661419f830459d015bf14e7905af2ec41b735
/system/keymaster/keymaster0_engine.cpp
9a1cd6d88dabe29fb921ff26612695b59aaf125c 09-Jul-2015 Shawn Willden <swillden@google.com> Truncate too-long digests for keymaster 0 ECDSA sign operations

BoringSSL doesn't pre-truncate too-long digests before calling the ECDSA
sign operation via the ENGINE interface, and TrustyKeymaster is picky
about accepting them. This means that trying to sign a message with,
say, a 256-bit key and a 384-bit hash fails on Volantis.

This CL also corrects an error in get_supported_digests for ECDSA, which
was advertising support for MD5. BoringSSL doesn't support ECDSA with
MD5 and we're not offering it in the JCA API, so the solution is simply
not to advertise it and to return a better error code if it's requested
anyway.

Bug: 22355708
Change-Id: Iba2dad6953db7eda23951760b734f499a13c5191
/system/keymaster/keymaster0_engine.cpp
607b0e066953a7ac8d0cb0bf884bfa1a50a7b08a 03-Sep-2015 Adam Langley <agl@google.com> Prepare for BoringSSL update.

This change tweaks things as needed so that the code will compile
against both the BoringSSL that's currently in Android and a version
from upstream. The BORINGSSL_201509 define is temporary to allow the
switch to happen without breaking the build and a followup change will
remove it.

Change-Id: Ia4df39a42eac403f0ce63a55b511db1b8ac40942
/system/keymaster/keymaster0_engine.cpp
661b2b1bdff194b6a872b2d92389b76a365e5061 20-Jun-2015 Shawn Willden <swillden@google.com> Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.

A handful of throwing news remain, but only in places where a crash on
failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.

Bug: 21888473
Change-Id: I7a906e9c757e25fcd8b1d58cede35cd57a336756
/system/keymaster/keymaster0_engine.cpp
d6014509dc57a25c52c66094efd4359619a87cf1 25-Jun-2015 Shawn Willden <swillden@google.com> Revert "Add buffer wrap checks and disable throwing of std::bad_alloc."

This reverts commit e5abbe5d3d4128be6771c80890dc5cd9b2a67a24.

Change-Id: Iabb13e951acf080c7c9ed41b2e446b5e07228fba
/system/keymaster/keymaster0_engine.cpp
e5abbe5d3d4128be6771c80890dc5cd9b2a67a24 20-Jun-2015 Shawn Willden <swillden@google.com> Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.

A handful of throwing news remain, but only in places where a crash on
failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.

Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
/system/keymaster/keymaster0_engine.cpp
24bdfc2558c96c76e850e7c366618c638efeb1c4 26-May-2015 Shawn Willden <swillden@google.com> Delegate ECDSA keys to keymaster0 in SoftKeymasterDevice.

Cherry-picked from internal.

Bug: 20912868
Change-Id: Idd4057481fbec975d5d59e2b31c912f8edad1ed9
/system/keymaster/keymaster0_engine.cpp
ac3980627ab3420463ca787be441ac363726ed12 21-May-2015 Shawn Willden <swillden@google.com> Delegate RSA keys to keymaster0 in SoftKeymasterDevice.

Cherry-picked from internal.

Bug: 20912868
Change-Id: I34d9d08bf1df4bfd2e53d9c36401a195f315cbd3
/system/keymaster/keymaster0_engine.cpp