01d8f24c45067bc3d909e3aae9a72582f3c985a1 | 16-Nov-2015 | Shawn Willden <swillden@google.com>
Fix pass-through of deletion on wrapped KM0 and KM1.

SoftKeymasterDevice was incorrectly directly sending deletion requests to wrapped hardware. In some cases the key blob passed in by SoftKeymasterDevice is a hardware blob encapsulated by a wrapper, and we need to remove the encapsulation before passing it on.

Bug: 25676862
Change-Id: Ic315c6b08d9ec15aa0be8f28f485a221bc7f1135
/system/keymaster/keymaster0_engine.cpp

fabacaf3e6019804cc8a98a2b8296be1d0125519 | 26-Mar-2015 | Thai Duong <thaidn@google.com>
ECIES: add ECIES-KEM.

This version supports HKDF and ECDH with NIST curves.

Change-Id: I5af3215e96bb015049574aa18327cd7f7499dbd3
/system/keymaster/keymaster0_engine.cpp

1181779c5e6c8627b94067d86db6a2f7d5309674 | 23-Nov-2015 | Shawn Willden <swillden@google.com>
Revert "ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves."

This reverts commit 41998988331ff38e922a59ef008896beb3145ba0.

Change-Id: Ifed6b4e5a69310770373a396271f02da5c9d8934
/system/keymaster/keymaster0_engine.cpp

41998988331ff38e922a59ef008896beb3145ba0 | 26-Mar-2015 | Thai Duong <thaidn@google.com>
ECIES: add ECIES-KEM.

This version supports HKDF and ECDH with NIST curves.

Change-Id: Iea5877eba0a9b13610d3d1b33d04b5657edc3550
/system/keymaster/keymaster0_engine.cpp

e9fb087a8245e26483e8865515c919c83ed84c5b | 23-Oct-2015 | Shawn Willden <swillden@google.com>
Return correct error from keymaster0engine for large RSA input

Also, ensure that we always put some error on the OpenSSL error queue whenever a wrapped keymaster0 operation fails. Higher layers will look at the last entry on the queue and use it to determine what error code to return. Not putting any error on the queue means that those higher layers will get whatever error was last enqueued, making the result effectively random. Non-determinism bad.

Bug: 25337630
Change-Id: I701ab735dd089f5258b2252f543906d9f3baa7a2
/system/keymaster/keymaster0_engine.cpp

2ff74dcb3817ae32850e23e3a70bcf8cb274d442 | 28-Jul-2015 | Shawn Willden <swillden@google.com>
Do digesting, and sometimes padding, in SW when HW doesn't.

The keymaster1 specification only requires HW modules to implement SHA256 out of the list of keymaster1 digest modes. That would force many keys to be software only, and would break legacy scenarios.

This change uses SoftKeymasterDevice to front keymaster modules that don't implement the full suite of digests, quietly inserting KM_DIGEST_NONE and KM_PAD_NONE into key generation/import requests when necessary, then performing the digesting, and sometimes padding, in software, then delegating crypto operations to the hardware. This is only done for RSA and EC keys. Software digesting isn't possible for HMAC or AES-GCM keys.

Note that this is not the complete fix for the bug. Some changes in keystore are also required, coming in another CL.

Bug: 24873723
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/keymaster0_engine.cpp

80892075fbdb636d7e5cf3a52aa373591d443cee | 01-Oct-2015 | Adam Langley <agl@google.com>
system/keymaster: remove BORINGSSL_201509 support.

The BORINGSSL_201509 define was used to make updating BoringSSL in external/boringssl less painful. It allowed code to compile with either the old BoringSSL (which didn't define BORINGSSL_201509) or with the new (which does). Now that the new version has landed, this change removes that support.

Change-Id: I19e661419f830459d015bf14e7905af2ec41b735
/system/keymaster/keymaster0_engine.cpp

9a1cd6d88dabe29fb921ff26612695b59aaf125c | 09-Jul-2015 | Shawn Willden <swillden@google.com>
Truncate too-long digests for keymaster 0 ECDSA sign operations

BoringSSL doesn't pre-truncate too-long digests before calling the ECDSA sign operation via the ENGINE interface, and TrustyKeymaster is picky about accepting them. This means that trying to sign a message with, say, a 256-bit key and a 384-bit hash fails on Volantis.

This CL also corrects an error in get_supported_digests for ECDSA, which was advertising support for MD5. BoringSSL doesn't support ECDSA with MD5 and we're not offering it in the JCA API, so the solution is simply not to advertise it and to return a better error code if it's requested anyway.

Bug: 22355708
Change-Id: Iba2dad6953db7eda23951760b734f499a13c5191
/system/keymaster/keymaster0_engine.cpp

607b0e066953a7ac8d0cb0bf884bfa1a50a7b08a | 03-Sep-2015 | Adam Langley <agl@google.com>
Prepare for BoringSSL update.

This change tweaks things as needed so that the code will compile against both the BoringSSL that's currently in Android and a version from upstream. The BORINGSSL_201509 define is temporary to allow the switch to happen without breaking the build and a followup change will remove it.

Change-Id: Ia4df39a42eac403f0ce63a55b511db1b8ac40942
/system/keymaster/keymaster0_engine.cpp

661b2b1bdff194b6a872b2d92389b76a365e5061 | 20-Jun-2015 | Shawn Willden <swillden@google.com>
Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and "operator new[]" still throw std::bad_alloc on failure rather than returning new. In general this is a good thing, because it will cause an immediate crash of the process rather than assigning a null pointer which is probably not checked. But most memory allocations in Keymaster are checked, because it's written to run in an environment where new does *not* throw. This CL updates the code to explicitly use the non-throwing new. A handful of throwing news remain, but only in places where a crash on failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations and changes the development-machine Makefile to build in 32-bit mode, to make memory problems more apparent.

Bug: 21888473
Change-Id: I7a906e9c757e25fcd8b1d58cede35cd57a336756
/system/keymaster/keymaster0_engine.cpp

d6014509dc57a25c52c66094efd4359619a87cf1 | 25-Jun-2015 | Shawn Willden <swillden@google.com>
Revert "Add buffer wrap checks and disable throwing of std::bad_alloc."

This reverts commit e5abbe5d3d4128be6771c80890dc5cd9b2a67a24.

Change-Id: Iabb13e951acf080c7c9ed41b2e446b5e07228fba
/system/keymaster/keymaster0_engine.cpp

e5abbe5d3d4128be6771c80890dc5cd9b2a67a24 | 20-Jun-2015 | Shawn Willden <swillden@google.com>
Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and "operator new[]" still throw std::bad_alloc on failure rather than returning new. In general this is a good thing, because it will cause an immediate crash of the process rather than assigning a null pointer which is probably not checked. But most memory allocations in Keymaster are checked, because it's written to run in an environment where new does *not* throw. This CL updates the code to explicitly use the non-throwing new. A handful of throwing news remain, but only in places where a crash on failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations and changes the development-machine Makefile to build in 32-bit mode, to make memory problems more apparent.

Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
/system/keymaster/keymaster0_engine.cpp

24bdfc2558c96c76e850e7c366618c638efeb1c4 | 26-May-2015 | Shawn Willden <swillden@google.com>
Delegate ECDSA keys to keymaster0 in SoftKeymasterDevice.

Cherry-picked from internal.

Bug: 20912868
Change-Id: Idd4057481fbec975d5d59e2b31c912f8edad1ed9
/system/keymaster/keymaster0_engine.cpp

ac3980627ab3420463ca787be441ac363726ed12 | 21-May-2015 | Shawn Willden <swillden@google.com>
Delegate RSA keys to keymaster0 in SoftKeymasterDevice.

Cherry-picked from internal.

Bug: 20912868
Change-Id: I34d9d08bf1df4bfd2e53d9c36401a195f315cbd3
/system/keymaster/keymaster0_engine.cpp