| 5c02b59507262a8ebd8092ee84c39a7fe94bdda2 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
resolve merge conflicts of 4aa5650699 to master.
Change-Id: Ie9469cedffd3f974f02c14582c7d48224a90c667
|
| cb647fec03f71929fd316d2b8f0750f7b24824f3 |
|
27-Jan-2016 |
Shawn Willden <swillden@google.com> |
Support input to "finish()" in AndroidKeymaster operations.
This CL does not yet take advantage of the simplifications that allowing
input to finish() provides. That will require updating the Java layer
first, to remove some assumptions and code that assume update() must
eventually consume all input.
Change-Id: Ie85896027a1d55ddec06750d19addbb1f5e462c8
/system/keymaster/rsa_operation.cpp
|
| b6179f4bec118299e89ce1b6ef6480570880afd9 |
|
26-Jan-2016 |
Shawn Willden <swillden@google.com> |
Set RSA PSS salt length equal to digest length.
This is for compatibility with Bouncy Castle.
Bug: 25770609
Change-Id: I2ada4d7b24711fc8d49a031ce04cbcf19fb949c0
/system/keymaster/rsa_operation.cpp
|
| d599b15c0693950bdc72fb867872044fdc484ef5 |
|
28-Jul-2015 |
Shawn Willden <swillden@google.com> |
Do digesting, and sometimes padding, in SW when HW doesnt.
The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes. That would force
many keys to be software only, and would break legacy scenarios. This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.
This is only done for RSA and EC keys. Software digesting isn't
possible for HMAC or AES-GCM keys.
Note that this is not the complete fix for the bug. Some changes in
keystore are also required, coming in another CL.
Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/rsa_operation.cpp
|
| c0a63805e4f21e46cc533ec0938306ca997c9a2d |
|
30-Jul-2015 |
Shawn Willden <swillden@google.com> |
Left-pad messages when doing "unpadded" RSA operations.
When RSA messages that are shorter than the key size, and padding is not
applied, BoringSSL (sensbibly) refuses, because odds are very high that
the caller is doing something dumb. However, this causes some (dumb)
things that used to work to no longer work.
This CL also fixes the error code returned when a message is signed or
encrypted which is the same length as the public modulus but is
numerically larger than or equal to the public modulus. Rather than
KM_ERROR_UNKNOWN_ERROR, it now returns KM_ERROR_INVALID_ARGUMENT.
Bug: 22599805
Change-Id: I99aca5516b092f3676ffdc6c5de39f2777e3d275
/system/keymaster/rsa_operation.cpp
|
| 53488c665d57bf64ed7cf45b72599cff29c517c3 |
|
17-Jul-2015 |
Shawn Willden <swillden@google.com> |
Use minimum 20 bytes salt for RSA PSS.
This is for compatibility with Bouncy Castle.
Bug: 22492259
Change-Id: I753e5fd223404ba960b6a35862bbd20f519f369b
/system/keymaster/rsa_operation.cpp
|
| 7d05d88dc44b18e0350f7fe8d28c20f2f643bb80 |
|
10-Jul-2015 |
Shawn Willden <swillden@google.com> |
Use specified digest for RSA OAEP.
Bug: 22405614
Change-Id: Ia5eb67a571a9d46acca4b4e708bb8178bd3acd0d
/system/keymaster/rsa_operation.cpp
|
| 2101e9e8215cce6da36d8d7382486737b68e8c93 |
|
24-Jun-2015 |
Shawn Willden <swillden@google.com> |
Handle ECDSA messages that may be a few bits longer than the key.
Also fix an RSA error message.
Bug: 22064177
Change-Id: If52b29a3e870e0318d9ecc0f124074a013cb491a
/system/keymaster/rsa_operation.cpp
|
| 0afa3c8a03fc817279bdf0f46abe3dc7a3fd53e1 |
|
22-Jun-2015 |
Shawn Willden <swillden@google.com> |
Require and handle digest for OAEP mode.
Bug: 21998286
Change-Id: I03b21da6a71b7a7a01f3743f01925719191b0124
/system/keymaster/rsa_operation.cpp
|
| d530305019e1ccc1e30a4f8edeb88db3d126e235 |
|
22-Jun-2015 |
Shawn Willden <swillden@google.com> |
Validate input sizes for RSA and ECDSA signing/verification ops.
Bug: 21955742
Change-Id: I4385a6539229b174facd5f04ce0391e2e8c3608d
/system/keymaster/rsa_operation.cpp
|
| 0f906ec40f6ade7955c6b967ea522aade54ea2e4 |
|
20-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add buffer wrap checks and disable throwing of std::bad_alloc.
Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.
A handful of throwing news remain, but only in places where a crash on
failure is appropriate.
In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.
Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
/system/keymaster/rsa_operation.cpp
|
| bfd9ed7f5c50cdfa310cb0f21c7706e99b780738 |
|
11-Jun-2015 |
Shawn Willden <swillden@google.com> |
Make KM_PAD_NONE and KM_DIGEST_NONE mean any padding or digest.
Bug: 21777596
Change-Id: I3574156902c8e28b42f36462a9aef3f11ce938d3
/system/keymaster/rsa_operation.cpp
|
| 3e37f0a2c3ccd3606aed6dc4aea4a2c8c6cf7f55 |
|
03-Jun-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix unused variable issues
Also adds -Wunused to bring gcc's -Werror inline with clang's to prevent
similar build errors later.
Bug:21583577
Change-Id: Ia051adbb3ea92a8ace914ad958a73348d70cca17
/system/keymaster/rsa_operation.cpp
|
| ded8e7d0ad241fc0a930dbebbd9f2e2bf4e929a2 |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Pass output params down to operations.
Change-Id: Ibd6956f6b8ef42f272d922050a7e5da3d78cffb7
/system/keymaster/rsa_operation.cpp
|
| 30160842424ee43690247a0ec4e2858d2bb5d694 |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add support for unpadded RSA encryption.
Bug: 21499189
Change-Id: I895e566f769691f70f431b2ed139e0c94b0f6ab9
/system/keymaster/rsa_operation.cpp
|
| 2bf4ad32f195bd734e4d7e7d4ac52c051f182fbf |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Support all digests for RSA.
Also switch to using the EVP APIs where possible for RSA ops.
Change-Id: I092a5c7598073980d36ce5137cfe17f0499a10b9
/system/keymaster/rsa_operation.cpp
|
| 117a0cc2178ec1151562b8607182647bfb62517e |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Move digest and padding handling to OperationFactory.
Moving these methods up from RsaOperationFactory makes them available
for EcdsaOperationFactory.
Bug: 21048758
Change-Id: I2f77d7c98cd48173e251689997dda6b87b473480
/system/keymaster/rsa_operation.cpp
|
| 0629810b145187575bc26c910dded0d24c64569d |
|
26-May-2015 |
Shawn Willden <swillden@google.com> |
Another refactor, deleting AbstractFactoryRegistry.
I should have known better than to make these singletons to begin
with. Globals create problems. This undoes that mistake.
Change-Id: Idf61d5f72e3c34b5c4ddb27cc94b05f506561743
/system/keymaster/rsa_operation.cpp
|
| 2beb628bfefae72fa6bb84a6235da7e3de532823 |
|
21-May-2015 |
Shawn Willden <swillden@google.com> |
Delegate RSA keys to keymaster0 in SoftKeymasterDevice.
Bug: 20912868
Change-Id: I515a125f1247357d2cd9b4633c3b223590848093
/system/keymaster/rsa_operation.cpp
|
| 7bae132f732a73dc53b5ffc5e3eed0176e93a00c |
|
26-May-2015 |
Shawn Willden <swillden@google.com> |
Fix off-by-one error in PKCS#1 v1.5 encryption padding size.
Change-Id: I0fdfe3223b351d4a064e5dac0aa5d732fa0ab073
/system/keymaster/rsa_operation.cpp
|
| 67380a948d80ce62455b1ec9ed8283e3349498c6 |
|
13-May-2015 |
Shawn Willden <swillden@google.com> |
Build development unit tests against BoringSSL.
Change-Id: Ie3ab9e09913ed304d5326dca3bfa398f26dc9bf7
/system/keymaster/rsa_operation.cpp
|
| 3ad5f05e1ae2ca4beb1d0b2104c742de869841bc |
|
08-May-2015 |
Shawn Willden <swillden@google.com> |
Enforce padding specifications.
Bug: 20917242, 19509156
Change-Id: Ib67076f89ef3d675b5e2e926cc3702fa208dbbb6
/system/keymaster/rsa_operation.cpp
|
| 226746bfb5f79857145d5f3ebdfd6f49b6c114ac |
|
08-May-2015 |
Shawn Willden <swillden@google.com> |
Enforce digest specifications.
Bug: 20917242, 19509156
Change-Id: I5b3509bea78754192f0d5e2a76de24621fc43621
/system/keymaster/rsa_operation.cpp
|
| 197d9af98df67eaf777d149df22c8eeead8511b1 |
|
09-May-2015 |
Shawn Willden <swillden@google.com> |
Revert "Use CRYPTO_memcmp from OpenSSL rather than memcmp_s."
This created a build breakage in Trusty, and so was reverted in AOSP. Reverting here to sync.
This reverts commit 4749c43a3b4f48be951924fb473e1fcd0279c508.
Change-Id: I9473f58ace295d9454693759c88c85fe9f70ae01
/system/keymaster/rsa_operation.cpp
|
| 4749c43a3b4f48be951924fb473e1fcd0279c508 |
|
04-May-2015 |
Shawn Willden <swillden@google.com> |
Use CRYPTO_memcmp from OpenSSL rather than memcmp_s.
Change-Id: I66162b4e4e2cdc2e8ba78fd7a0b76a8f72d430dd
(cherry picked from commit f61d93895db9a7ca073a774500ca63b0055e3657)
/system/keymaster/rsa_operation.cpp
|
| 3ed6d06a378c29deacb1fb9cc33b599b309c3a52 |
|
15-Apr-2015 |
Shawn Willden <swillden@google.com> |
Add begin_params to CreationOperation.
Allowing several crypto parameters to be repeated on keys means we need
to be able to specify them at operation time, which means they'll be
passed in to the begin() params. This change makes it possible for
operations to actually receive these values.
Bug: 19509156
Change-Id: I4504f5206d93ce3040b6a5a8d8dacb5b08eb2b90
/system/keymaster/rsa_operation.cpp
|
| 0bd61a86393112ec5b23da8b9e9c18cb87c215f8 |
|
14-Apr-2015 |
Shawn Willden <swillden@google.com> |
Check for old digest tag on RSA keys.
Change-Id: I9aa249a3308003fcacccfdec28dfa27cd37c680e
/system/keymaster/rsa_operation.cpp
|
| d9d7acff7c43f52ebd038eb77afd67d597844b35 |
|
26-Feb-2015 |
Shawn Willden <swillden@google.com> |
Make several crypto parameters repeatable.
This is only part of the required change. This just keeps things
building. The other part is to allow specification of the particular
parameter desired in begin().
Bug: 19509156
Change-Id: Ic584d8a6bf5601f9754563b67b3cc6b3ca6b5ff9
/system/keymaster/rsa_operation.cpp
|
| 2c242009007a38b5c8003137fb8ba5a1fdb73b70 |
|
27-Feb-2015 |
Shawn Willden <swillden@google.com> |
Add AuthorizationSetBuilder.
Actually move it from google_keymaster_test, where it was called
ParamBuilder. This is a generally-useful tool.
Change-Id: I07200cdf2e5628289d9e544af02efe519ca124d3
/system/keymaster/rsa_operation.cpp
|
| adb0f33551c94e50604d4f573dbc2fe20b8ce6be |
|
06-Mar-2015 |
Adam Langley <agl@google.com> |
Use non-deprecated PSS functions.
Also, fix a size warning with BoringSSL. BoringSSL has |RSA_size| return
a size_t, so it's easier to cast that to unsigned to work with both.
Change-Id: I9cfd75dfffb4d017eca2e05f0b302c45010222f3
/system/keymaster/rsa_operation.cpp
|
| d92591db7e0ab6852f561fa2b97904e5da633c1c |
|
31-Dec-2014 |
Shawn Willden <swillden@google.com> |
Add utility methods in OperationFactory to check mode support.
Change-Id: I1786a1306c2586f0b30126d6cf0de600a8a583d6
/system/keymaster/rsa_operation.cpp
|
| f90f235636cc3cbfb393e5006b673aef00df825a |
|
19-Dec-2014 |
Shawn Willden <swillden@google.com> |
Add support for PSS and PKCS1v1.5 padding for RSA signatures.
Change-Id: Ieb3c7e9ca58630aad4edc4082bd67e9872d317b8
/system/keymaster/rsa_operation.cpp
|
| 61902366cc912daacb84dd84c9bada95718e19b7 |
|
18-Dec-2014 |
Shawn Willden <swillden@google.com> |
Add support for SHA256 digests to RSA signing operations.
Change-Id: Iacca20554bef0bb3ea3c525af87c00f77df069f9
/system/keymaster/rsa_operation.cpp
|
| 567a4a04f43d35b785d50508e6459b01f2ab4d14 |
|
31-Dec-2014 |
Shawn Willden <swillden@google.com> |
Switch to using global logger
Change-Id: I7af02342320a9a431cd9845baaf5dbcf61d460c2
/system/keymaster/rsa_operation.cpp
|
| 28eed514058f9f1408e86910bfc67bb87af05506 |
|
26-Feb-2015 |
Shawn Willden <swillden@google.com> |
Increment reference count rather than duping key.
Change-Id: Ia5068fd01975e33e2dd4996811d5a9125767d17a
/system/keymaster/rsa_operation.cpp
|
| 63ac043f81f8e2a15bbadcb6628b92096295ab6a |
|
29-Dec-2014 |
Shawn Willden <swillden@google.com> |
Refactor operation creation to use an operation factory registry.
Also modify GoogleKeymaster to query the operation factories to get
lists of supported modes and digests.
Change-Id: Ied30185df5dddaeaeb1106df63237757896d77db
/system/keymaster/rsa_operation.cpp
|
| 6bfbff0020bb964a736e30d717b338e3e3973a36 |
|
07-Feb-2015 |
Shawn Willden <swillden@google.com> |
Add additional params to update and finish operations.
Change-Id: I78a81b1ceb47a2abb189da4b0446800a56ec88c3
/system/keymaster/rsa_operation.cpp
|
| b7361134bff4d3d7ef1d5a3c60e50c9952dc2b56 |
|
08-Dec-2014 |
Shawn Willden <swillden@google.com> |
Refactor Update operation to return amount of input consumed.
Per the keymaster "update" API documentation, implementations need not
consume all provided input, and must return information about how much
they did consume, so the caller knows to resend the unprocessed portion.
It's convenient for the AES OCB mode encryption to sometimes process
less than is provided, but the Update operation interfaces didn't
account for not consuming all data.
This change was already reviewed, merged and reverted, so I'm skipping
the review step this time.
Change-Id: Ida401453a6af6c751ea7093e283a101bd8527709
/system/keymaster/rsa_operation.cpp
|
| 4200f211057551c02e909fe88e5a92dae7a36597 |
|
02-Dec-2014 |
Shawn Willden <swillden@google.com> |
Add RSA encryption and decryption support.
This change was already reviewed, merged and reverted, so I'm skipping
the review step this time.
Change-Id: Ie5b7dba86a7ae7f62eedbdb6eec7b61ef83d0c73
/system/keymaster/rsa_operation.cpp
|
| 5f42dbae89434cfb2bd0cd00061b1096b3fd02b5 |
|
20-Jan-2015 |
Shawn Willden <swillden@google.com> |
Revert "Add RSA encryption and decryption support."
This reverts commit 46a420de44adaadfbaf293ef4a01a70ed5855619.
/system/keymaster/rsa_operation.cpp
|
| 5da34d2f205623a05ca503d5c192a020b7740be1 |
|
20-Jan-2015 |
Shawn Willden <swillden@google.com> |
Revert "Refactor Update operation to return amount of input consumed."
This reverts commit 125febcb5d1888fa82e8c2eb307513598a537999.
/system/keymaster/rsa_operation.cpp
|
| 125febcb5d1888fa82e8c2eb307513598a537999 |
|
08-Dec-2014 |
Shawn Willden <swillden@google.com> |
Refactor Update operation to return amount of input consumed.
Per the keymaster "update" API documentation, implementations need not
consume all provided input, and must return information about how much
they did consume, so the caller knows to resend the unprocessed portion.
It's convenient for the AES OCB mode encryption to sometimes process
less than is provided, but the Update operation interfaces didn't
account for not consuming all data.
Change-Id: I07fa3f490c0eb25a09302b1266becaf81f6f5243
/system/keymaster/rsa_operation.cpp
|
| 46a420de44adaadfbaf293ef4a01a70ed5855619 |
|
02-Dec-2014 |
Shawn Willden <swillden@google.com> |
Add RSA encryption and decryption support.
Change-Id: Iceefe0933c80a2169f87fbc01a6fa0fce9644649
/system/keymaster/rsa_operation.cpp
|
| f2aefdfc5adcc0a59bd51a7e4ec5ab92a513171c |
|
26-Sep-2014 |
Adam Langley <agl@google.com> |
Remove cast when using BoringSSL.
BoringSSL defines RSA_size as returning an unsigned, as one would hope.
No cast is needed in that case.
Change-Id: Ifc596af987a6abce40f685d66adb63aee4709666
/system/keymaster/rsa_operation.cpp
|
| d1dd312a2136731e8ab27101340ef896d052916d |
|
10-Sep-2014 |
Shawn Willden <swillden@google.com> |
Remove message size checks for RSA and DSA signing operations.
There appears to be too much code, both production and tests, that
assumes it can feed various-sized messages to signing ops. This change
essentially just falls back on openssl, letting it decide what is
acceptable and what is not. That should make it bug-compatible with
softkeymaster, and perhaps with other TEE implementations.
Change-Id: I6185fdef3abf19321029d0b192669b722b363cf8
/system/keymaster/rsa_operation.cpp
|
| 0a4df7e3a83a59e4a5abc3f605d7d7e9f636c682 |
|
29-Aug-2014 |
Shawn Willden <swillden@google.com> |
Add GoogleKeymaster implementation.
Squashed commit of the following:
commit 83804621f399f4bcab9281c0eecfcbefe56b054e
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 28 13:47:40 2014 -0600
Add more logging methods, to distinguish message priorities.
Change-Id: I2308af04eb699fb896d3e701a659945451304ddf
commit 2241bf042c54aa5099bbb99a76e9de0162b92d07
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 28 09:59:53 2014 -0600
Make keymaster_key_blob_t key_material const, to help prevent
accidental modification.
Change-Id: I505779ed677730d72c310fca1626b1093c71e90d
commit c0c85cf5104f698054d59b28c68f0461ebec2233
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 19:56:43 2014 -0600
Make GoogleKeymaster's logger public.
Change-Id: Idbe17e6b6ae7ab403d199323b8e20979a2e56c97
commit e46a43f403ba4fa66c505684ac173c1fa7c35584
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 10:35:36 2014 -0600
Add some test TODOs
Change-Id: Id209182f0d153d67dca09846be4df5ef02b74cf2
commit 81effc68a04810b76f0b10594d92df4ffbf35c6c
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 10:08:46 2014 -0600
Finish key import implementation.
This is the last bit of GoogleKeymaster that remained incomplete (for
the v0.3 functionality).
Change-Id: I27be52ae032883c004b2df21f0c7b229af512922
commit 368bc7749eaa2e1321d552e45a96d83b5500ba47
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 06:45:34 2014 -0600
Move key_blob.h in to include/keymaster, to export it.
Change-Id: If28db94840557e6ca3019b7bcf7b5f29f0ff6cf7
commit b3407024ccfec72831a76b9772a496ab81fc33ce
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 27 06:30:52 2014 -0600
Fix minor bug in operations.
Note that this bug isn't exposed by the v0.3 API, since it
doesn't allow multi-step signing/verification operations.
Change-Id: I18554e7e1017ed83d3708c134f72cf1d34857437
commit 960dd0749380857988c07d40feae7f252bb2209a
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 26 17:24:28 2014 -0600
Define remaining commands.
Change-Id: Ic68f172efa2b401bee1dcf14cbb94f72b86b31ae
commit 98d9b92547a9a7553b99e3e941a4175926f95b62
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 26 08:14:10 2014 -0600
Reorganize system/keymaster.
This CL moves the includes that should be exported to include/ and
removes the trusty-specific code (some of which is moving to
hardware/google and some of which is moving to the trusty tree.)
Change-Id: Ie4fabf6b5c5f36b50c2f5ff356548ca2e9140fcb
commit 407d41282d6b0a7f2d6e2826d44a58b016a5d844
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 25 16:49:13 2014 -0600
Implement TrustyKeymaster key generation, plus tests.
Change-Id: I085be101c735d136e7d5b2915a9510102722e695
commit 2f3be368e5ad911cc0b014421dd3682130260ffc
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 25 11:31:39 2014 -0600
Add the beginnings of logging infrastructure.
Change-Id: Ic36134402bfbb098d2242c463a3b4265d1d65209
commit f2282b3c6690ccfaa7878886f01693ef4f0b3bed
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 25 06:49:54 2014 -0600
Add some "fuzzing" tests for deserialization, and fixes for all of the
problems discovered.
Change-Id: I050344f6c6d0a19b7f3304d23729b4ca71c05042
commit b663b61f00b1a51a2535520aa726f788fffdf34b
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 18:54:45 2014 -0600
Fix OTE bug for keymaster.
Change-Id: I71d222ad9ed54098492dcc7b7f16d7c72d42923d
commit 2a4a48d51a057b33f83f09efae09bb354ec6a801
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 16:04:53 2014 -0600
Remove unused variable.
Change-Id: I6327f2092c23bd7aaae8aeda48915c3ac9259080
commit 5acebf56729f1307c4971a601ab38f6a320d0562
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 15:46:35 2014 -0600
Allow GoogleKeymaster caller to specify creation time, since Trusty can't.
Change-Id: Ia843704da726521f36ff4b954dcc6c1b6286f7be
commit 81d3b4fe9a86bae8bac2fb98877af04f39d11250
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 21 12:16:26 2014 -0600
Modify to be keymaster v0.3 compatible and add some debugging output.
Change-Id: Idc3e15b1af57fa9ddbdfc3a46f32f100b146fd83
commit 235cd7e70389c42ce26b832ad8ddcfefbc812fb7
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 20 17:37:08 2014 -0600
Remove Android.mk to unbreak AOSP build.
Change-Id: I9f78fee36874ff3681b3cc55c2081c1cae8cb343
commit 62de26672193373972f2ce968b51cf8335f118f9
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 20 14:14:49 2014 -0600
Trusty test app.
Note that this code is in the wrong place. The right place is still
begin created so I'm putting them here for now. We'll move them when
it's ready.
Change-Id: Iab7384a531fd4a935dbeef0aebf2652eb06f6e03
commit 437fbd195e7de57b7dc0c449c04458bd90ef50de
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 20 11:59:49 2014 -0600
Add key importing, RSA only.
Change-Id: I639e797939a28b2b2a815541c9926dc194657c54
commit 060e9b04445f91db31b2b412f944aa402b9e1a8d
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 20:27:45 2014 -0600
Make keymaster_defs.h compatible with v0.3 keymaster.h.
Change-Id: I53ae63c9fec3cc7131a1f1373e8bf4448252cc79
commit 3d3e1d388480a2c242a39f4bc5adf000728c8da5
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 16:28:25 2014 -0600
Add *.massif to .gitignore.
Change-Id: I77be33411f2cef6e0a2046489a8c153985b8040f
commit f268d742dbefe0e84b4046db7669c4ffbc110f7d
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 15:36:26 2014 -0600
Refactor export to use new key infrastructure, and work with all key types.
Change-Id: Ie1f621f9db855665d57cde93c24881415de33ca2
commit d67afae61f822463120c36fea846362450dd7d71
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 12:36:27 2014 -0600
Refactor key and operation details.
Change-Id: I80267e6184955ecd98b08ceab91f4afd50c67614
commit 370121346777e13437c275fbe7a975d899cc325c
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 19 08:15:57 2014 -0600
Added AuthorizationSet push_back method that takes a set.
This is needed for some key refactoring work. Also did some
AuthorizationSet refactoring here.
Change-Id: I681a2793838c1d68b22dc2a39258c30d7ab117bc
commit ffd790c9846b93d0af7b28b1998a9f8f8aa076a4
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 21:20:06 2014 -0600
Add key export, RSA only. (rileyspahn@google.com implemented).
Change-Id: I55c3497a1dc5360bfc8518a388b73776388a47e4
commit 5ac2f8ff7c82d2b5c2dd17273ce58c7806df0ec2
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 15:33:10 2014 -0600
Add ECDSA signing and verification.
Change-Id: Ic5345ebe6e79e3ee764c3a729dc551c61b87c79b
commit c3864dde9ffa9a52bb60802664e1cab1de5c0287
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 15:20:01 2014 -0600
Add ECDSA key generation.
Change-Id: I68a1d46e617124a8ccb7a4b2c09baae89603a5e0
commit 5b41ca2d7f106cc49315a8ecbac2f51fb445fb57
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 14:29:14 2014 -0600
Implement DSA signing and verification.
Change-Id: I22a1c4518bcd393d1183e10a906600488ec8e9c8
commit 61644f3d8a7f2374fd579cdeb76e841d4bc0efe0
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 13:43:14 2014 -0600
Small refactor of signing/verification tests, to facilitate DSA testing.
Change-Id: I68a8f83d85993f320a0e05e39cefc56bb2823b7d
commit 28e41475a2559824a0f3f2c850ed92a65c586f95
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 13:35:22 2014 -0600
Add DSA key generation.
Also refactor RSA key generation a bit.
Change-Id: I838ff58210f0a3be41f04c7e945e998751fca9f5
commit 802bb29cc190fb610367fdb7236ef9c2e93826f2
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 18 10:46:29 2014 -0600
Refactor GoogleKeymaster to move openssl RSA key-generation operations
to RsaOperation.
Change-Id: Id6c66bd431cf3f8895113108027920ffafef578b
commit da8485ea42e53839579575ec9fc2b49f7cf1a1f9
Author: Shawn Willden <swillden@google.com>
Date: Sun Aug 17 08:00:01 2014 -0600
Flesh out all remaining message structures, with serialization.
Still didn't implement recsoping messages, since they're not relevant
for 0.3.
Change-Id: Ia05a04349ff0329557b01d14f6c501540cc74439
commit 172f8c9be706e27f43022063bbc7f4b0177583ac
Author: Shawn Willden <swillden@google.com>
Date: Sun Aug 17 07:50:34 2014 -0600
Housekeeping CL.
Make variable names and formatting more consistent. Also, add doxygen comments to Serializable.
Change-Id: I24ff138611111acf96112be74a04cc35f04908e0
commit 43e999eed16a78cb6d48f1dfd11b33dee4d80a1a
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 13 13:29:50 2014 -0600
Add RSA verification.
Change-Id: Ie9ac37dba7ead62b0ca17054bbf6d2744cea5946
commit 1615f2ecf2537db7b302eb9b5be4394f711fd815
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 13 10:37:40 2014 -0600
Add RSA signing support.
Change-Id: Icdcbd978d58c8764618b995571d1e8b649959ef0
commit 60ebf8e49977683bc8cabe4609ce8b0405db7711
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 12 11:43:10 2014 -0600
Change to enable KEYMASTER_NAME_TAGS globally.
Selectively changing the size of the TypedTag structure causes subtle
problems when inlining is disabled (e.g. -O0).
Change-Id: I7f87a5a34eb574b0adaa8492f51fbcf2b172b4ca
commit ebf627f0b50c0979e6cf53668464297703371eba
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 12 11:15:29 2014 -0600
Allow building tests with Clang, and fix some bugs Clang diagnosed.
Change-Id: Ie213deadabdb9c84d4ea1d2f69b1beaa87165717
commit 7b83f18c17b5820f8fcc177fc58eb34cf7ef6d05
Author: Shawn Willden <swillden@google.com>
Date: Tue Aug 12 07:35:37 2014 -0600
Add .gitignore.
Change-Id: I08e9599c699debaddf815e9f65a781920c241e47
commit 7636471bd1c553ac179f0dddc17133491d0e1faf
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 11 17:48:04 2014 -0600
Implement GetKeyCharacteristics.
Still need to add serialization to the messages.
Change-Id: I572c48474bf4d4f553d53cad475b57fa8937a02a
commit 74aff357261879dfa8366528a42c59b042c7bd05
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 11 14:08:31 2014 -0600
Implement and use secure memset to clear sensitive buffers.
Ordinary memset can be optimized away, leaking sensitive data to other
processes.
Change-Id: If4b51e342ef1f21d7e5fa8907bb0534b17bf295b
commit 39b970bea81461af88f83e1c2329eb1b0f4d2e73
Author: Shawn Willden <swillden@google.com>
Date: Mon Aug 11 09:11:21 2014 -0600
Handle "hidden" authorization tags correctly.
Change-Id: I9fa18f8ab465a2faa0f358e12f72daf18ca02fe7
commit 834e80747cbb960f8a4028c5c8604bf5218ecdb9
Author: Shawn Willden <swillden@google.com>
Date: Sat Aug 9 16:38:53 2014 -0600
Improve authorization_set test coverage.
Change-Id: I8dd1830db8c19be07cef768c63c9ecfa3e16ae21
commit 8d336ae10df66da4c0433f17c2d42e85baea32c5
Author: Shawn Willden <swillden@google.com>
Date: Sat Aug 9 15:47:05 2014 -0600
Change authorization set serialization approach to ensure that 32 vs 64
bit size and alignment differences don't cause problems.
Change-Id: I4a308cfac782161db2f1456adb2d6a56537e61f1
commit 4db3fbdda292c0c3120dfe160c1b49670aa18600
Author: Shawn Willden <swillden@google.com>
Date: Fri Aug 8 22:13:44 2014 -0600
Refactor and expand KeyBlob capabilities.
KeyBlob's responsibilities have grown, it makes sense to make it a
first-class class, and to use the Serializable infrastructure.
Change-Id: I76a8dac5b4b4fe47d6677c27ab9eba2755f02dfe
commit 58e1a5486219a1be9264d4e863a9dd3e393906c3
Author: Shawn Willden <swillden@google.com>
Date: Fri Aug 8 21:58:29 2014 -0600
Eliminate in-place serialization.
Not doing in-place serialization will result in greater heap
consumption, but eliminates many alignment-related issues. Given more
time, I'd prefer to solve the alignment issues by computing and
inserting appropriate padding, but we don't have the time.
Change-Id: I86e4bdf57263db26c73372ae2963f21c5f5f00aa
commit 301646f55214ed693e79c7869d54033a74641907
Author: Shawn Willden <swillden@google.com>
Date: Fri Aug 8 21:44:10 2014 -0600
Correct the rest of the #include guard defines.
Change-Id: I8f2bf58f2bebb3f06ae4cd0f90f79d85acd42155
commit b10f3b26af1e3b382d9ef361b3eb5279d16a9c05
Author: Shawn Willden <swillden@google.com>
Date: Thu Aug 7 08:11:51 2014 -0600
Correct #include guard defines.
Change-Id: Ie05c78490f6f3fe8c194cc00c0c87e117508054d
commit 3879f8641d044cf53f4163dc5c46a1399006eb03
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 6 14:40:48 2014 -0600
Fix inclusion error.
Change-Id: I8f49b7e1547575e0bc4616836ed00d6e02c22879
commit f5bebad1ce284d8df37d3469f6b93ecc1522741c
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 6 14:17:53 2014 -0600
Put keymaster_defs.h in system/keymaster.
This file will eventually live in hardware/libhardware/include/hardware,
but for now it's convenient to have it here.
Change-Id: Ia25b59f905db5a54c2e69b5fb745dbd08d0fe303
commit 128ffe07c723d8ffe2d5ea528ba5f64436c8a55a
Author: Shawn Willden <swillden@google.com>
Date: Wed Aug 6 12:31:33 2014 -0600
Add GoogleKeymaster. Very incomplete.
Change-Id: I53542c7132bd1a04afee93f3247b88ed7ed0bedc
commit 5ada7b6c525d2bfd5b556a698ccb11db23e052bb
Author: Shawn Willden <swillden@google.com>
Date: Tue Jul 29 09:44:17 2014 -0600
Add AuthorizationSet class and some supporting utils and a Makefile for
running tests on the dev machine.
Change-Id: I608e660854ace71409dd8bb5395d83dcfbf803c0
commit 7a70abbf29293b30bb1e7ed3a58deb40f8774a53
Author: Bill Yi <byi@google.com>
Date: Mon Jul 28 21:38:52 2014 +0000
Initial empty repository
Change-Id: I199c7a0ca076cfdaba1fecf6109d573f3dca5801
/system/keymaster/rsa_operation.cpp
|