History log of /system/keymaster/aes_operation.cpp
Revision Date Author Comments (<<< Hide modified files) (Show modified files >>>)
cb647fec03f71929fd316d2b8f0750f7b24824f3 27-Jan-2016 Shawn Willden <swillden@google.com> Support input to "finish()" in AndroidKeymaster operations.

This CL does not yet take advantage of the simplifications that allowing
input to finish() provides. That will require updating the Java layer
first, to remove some assumptions and code that assume update() must
eventually consume all input.

Change-Id: Ie85896027a1d55ddec06750d19addbb1f5e462c8
/system/keymaster/aes_operation.cpp
4fc15704d86aab977c2bdbb14345a2c417be2bab 23-Oct-2015 Shawn Willden <swillden@google.com> Remove unused variables.

Change-Id: Ib6adb9242ed8060d6182501784c249c2cd4926f6
/system/keymaster/aes_operation.cpp
33ab0389e908b98702806c746e7babc0d46eb452 08-Jul-2015 Shawn Willden <swillden@google.com> Add support for KM_TAG_MIN_MAC_LENGTH.

HMAC and AES-GCM keys must be bound to a mininum MAC/tag length at
creation, and operations may not specify a length smaller than the
minimum, or provide a length smaller than the minimum during
verification.

Bug: 22337277
Change-Id: Id5ae2f4259045ba1418c28e9de8f4a47e67fd433
/system/keymaster/aes_operation.cpp
e23a2c91145e2294915e5d0cc5d7591c1aa82aca 06-Jul-2015 Shawn Willden <swillden@google.com> Fix enforcement of block mode and MAC length on AES ops

Bug: 22301168
Change-Id: I54b4efffa1786b08704dd6e785360870f155ed80
/system/keymaster/aes_operation.cpp
5532a085818bdf27ede33c9199024b86023e5961 01-Jul-2015 Shawn Willden <swillden@google.com> Allow any padding mode to be used with keys with KM_PAD_NONE.

Bug: 22229156
Change-Id: I5de66c3ed86244452e7776bff9523e35030713e9
/system/keymaster/aes_operation.cpp
0f906ec40f6ade7955c6b967ea522aade54ea2e4 20-Jun-2015 Shawn Willden <swillden@google.com> Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.

A handful of throwing news remain, but only in places where a crash on
failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.

Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
/system/keymaster/aes_operation.cpp
294a2db0e5f2eb46d84e4f5c9ce25245ac474147 17-Jun-2015 Shawn Willden <swillden@google.com> Don't enforce purpose, digest or padding on public key operations

Bug: 21877150
Change-Id: Iaf00c94aaca892a154aea7aa4e3828bfbd8d9630
/system/keymaster/aes_operation.cpp
c4bfa86500fe46c0796b6d4378f9264f1c4f7d5d 17-Jun-2015 Shawn Willden <swillden@google.com> Reject AES GCM nonces of other than 12 bytes in length.

Bug: 21614165
Change-Id: Ic938193babee9478ccf6779670e7f43b6e31335d
/system/keymaster/aes_operation.cpp
34419130408d2a6dcadd7b0f1b6d2c9c4002bbac 09-Jun-2015 Shawn Willden <swillden@google.com> GCM tags in ciphertext, rather than in params.

Also, handle AAD correctly.

Bug: 21786749
Change-Id: I26a413f39daf3bd946ed494c7c3b5c6f559fb30b
/system/keymaster/aes_operation.cpp
0f39256c68dc689b2eb8b604c4d39f17b9300363 02-Jun-2015 Shawn Willden <swillden@google.com> Add AES-GCM mode.

Bug: 19919114
Change-Id: I27efed097efbd93d587a50f5d82fad80a96e7527
/system/keymaster/aes_operation.cpp
ded8e7d0ad241fc0a930dbebbd9f2e2bf4e929a2 01-Jun-2015 Shawn Willden <swillden@google.com> Pass output params down to operations.

Change-Id: Ibd6956f6b8ef42f272d922050a7e5da3d78cffb7
/system/keymaster/aes_operation.cpp
0629810b145187575bc26c910dded0d24c64569d 26-May-2015 Shawn Willden <swillden@google.com> Another refactor, deleting AbstractFactoryRegistry.

I should have known better than to make these singletons to begin
with. Globals create problems. This undoes that mistake.

Change-Id: Idf61d5f72e3c34b5c4ddb27cc94b05f506561743
/system/keymaster/aes_operation.cpp
c442467181d8a9427c83fea4f0a272c8a7b46043 11-May-2015 Shawn Willden <swillden@google.com> Enforce padding parameter for AES.

Bug: 20917242
Change-Id: If1c35792279a4b03731552ced86ae7755efc6fc8
(cherry picked from commit 5bc56cdf1e466da3c3ebfeb3f49f07094d11b376)
/system/keymaster/aes_operation.cpp
31e063f8ed913369eb30648537fb5827dfd7a0d3 08-May-2015 Shawn Willden <swillden@google.com> Enforce block mode specifications.

Bug: 20917242, 19509156
Change-Id: If09e18540e9ffb968498d8acca8561d85b031562
/system/keymaster/aes_operation.cpp
3ad5f05e1ae2ca4beb1d0b2104c742de869841bc 08-May-2015 Shawn Willden <swillden@google.com> Enforce padding specifications.

Bug: 20917242, 19509156
Change-Id: Ib67076f89ef3d675b5e2e926cc3702fa208dbbb6
/system/keymaster/aes_operation.cpp
344549836442988693f27be8252c31bd2ebefdee 30-Apr-2015 Shawn Willden <swillden@google.com> Modify RAND_bytes calls to handle -1 return code.

Bug: 20554394
Change-Id: I54dce88f7bb90bd5660e9d3a7be9b9646bcc12bd
(cherry picked from commit 9ee79fb55049c242b12e067df1a824f18622ccfd)
/system/keymaster/aes_operation.cpp
6770635e8ba485102be7a629ba936d8f5cf3d3ab 28-Apr-2015 Shawn Willden <swillden@google.com> Diagnose erroneous caller nonce/IV.

Bug: 20127433
Change-Id: Ic8ec74daf4b732aea6a393fe5f0ed4abe9e6eef2
/system/keymaster/aes_operation.cpp
3ed6d06a378c29deacb1fb9cc33b599b309c3a52 15-Apr-2015 Shawn Willden <swillden@google.com> Add begin_params to CreationOperation.

Allowing several crypto parameters to be repeated on keys means we need
to be able to specify them at operation time, which means they'll be
passed in to the begin() params. This change makes it possible for
operations to actually receive these values.

Bug: 19509156
Change-Id: I4504f5206d93ce3040b6a5a8d8dacb5b08eb2b90
/system/keymaster/aes_operation.cpp
969aa382ca37968eff1b45012ab870fdbb775d30 16-Apr-2015 Shawn Willden <swillden@google.com> Generate nonce if caller doesn't provide one.

If the key has KM_TAG_CALLER_NONCE, then the caller is allowed to
provide a nonce. Previously the assumption was that the caller was
_required_ to provide a nonce. But to play nicer with the Java crypto
API, it's better to make the caller nonce optional if
KM_TAG_CALLER_NONCE is true.

Bug: 19919504
Change-Id: I6189e19017b9026b955f529c7267913de8b04a74
/system/keymaster/aes_operation.cpp
c47c88f1a9ec3fce5e8116b9b5572b58783f56d0 08-Apr-2015 Shawn Willden <swillden@google.com> Remove OCB Mode.

Change-Id: I8f804978208e2c8701bd52dc79b5597a307b7e7a
/system/keymaster/aes_operation.cpp
20d725d20a2ba8eba06caaf5d11e113e069161c0 25-Mar-2015 Thai Duong <thaidn@google.com> ECIES: implement KM_MODE_CTR. This implementation is rand counter-mode.
When encrypting, if the caller doesn't specify the IV, Keymaster will
randomly generate a 16-byte IV.

Change-Id: I9096b83ca38be161b60b398271c99bc11e804b52
/system/keymaster/aes_operation.cpp
f01329d8692edde9a9ffb88f29f5d684eab481e2 12-Mar-2015 Shawn Willden <swillden@google.com> Improve error reporting and logging.

Bug: 19603049
Bug: 19509317
Change-Id: I041c973802e6c567adc5b1f280fc5bac27ba28d6
/system/keymaster/aes_operation.cpp
92b69a300beb364bfab57a16d1e965dcdf755d4a 14-Mar-2015 Shawn Willden <swillden@google.com> Fix delete/delete[] mismatch & check for failed alloc.

Change-Id: Ieb73e5cb11869436771bf463d41e5510d6b93507
/system/keymaster/aes_operation.cpp
7a62f5e84c579b85104fd617040a57b5dcb9fef2 10-Mar-2015 Shawn Willden <swillden@google.com> Handle AES CBC IVs via input/output params.

Change-Id: Idd98103943e661e0940f274c3b3342192d211438
/system/keymaster/aes_operation.cpp
dfa1c030e941cba4e66b362854d84b19298353c9 07-Feb-2015 Shawn Willden <swillden@google.com> Add AAD support to AES OCB.

Also add OCB test vectors.

Change-Id: I33074bfea142aab334916c4567f92a6645fcab9f
/system/keymaster/aes_operation.cpp
498e0aa0e02fba5cacf1f9ba012b3f406e1f4e25 04-Mar-2015 Shawn Willden <swillden@google.com> Remove support for CFB and OFB modes.

They're not supported by the openssl in Trusty, and we don't
actually need them for now, so just remove them.

Change-Id: I6ca385fff34dba8732d001c03c502d62136477a0
/system/keymaster/aes_operation.cpp
f0f68b976b0ffac10d3e0efddc5bee38fd9d1ea3 31-Dec-2014 Shawn Willden <swillden@google.com> Add AES ECB, CBC, OFB and CFB support.

Change-Id: I7a4e8eaa3be5f20e87ab1f16b0b6bfc1fa47b74c
/system/keymaster/aes_operation.cpp
567a4a04f43d35b785d50508e6459b01f2ab4d14 31-Dec-2014 Shawn Willden <swillden@google.com> Switch to using global logger

Change-Id: I7af02342320a9a431cd9845baaf5dbcf61d460c2
/system/keymaster/aes_operation.cpp
63ac043f81f8e2a15bbadcb6628b92096295ab6a 29-Dec-2014 Shawn Willden <swillden@google.com> Refactor operation creation to use an operation factory registry.

Also modify GoogleKeymaster to query the operation factories to get
lists of supported modes and digests.

Change-Id: Ied30185df5dddaeaeb1106df63237757896d77db
/system/keymaster/aes_operation.cpp
6dde87c27ec620c0962507b58ece3fbe94bbff02 11-Dec-2014 Shawn Willden <swillden@google.com> Add AES OCB decryption.

Also, refactor to extract functionality that will be common to all AEAD modes.

Change-Id: I4bcf12c9d2d464ab1af559c69031904ffae45e25
/system/keymaster/aes_operation.cpp
907c3015d0edf1e43cdc9e0bba0e3fc23dca8cfc 08-Dec-2014 Shawn Willden <swillden@google.com> Add support for AES OCB encryption.

This change was already reviewed, merged and reverted, so I'm skipping
the review step this time.

Change-Id: Ibc80bec7e47468d4eb668f1bd9a188e51cb7d567
/system/keymaster/aes_operation.cpp
29d898717bc48ca59cd3fb1e30efdad36f13ccec 20-Jan-2015 Shawn Willden <swillden@google.com> Revert "Add support for AES OCB encryption."

This reverts commit 5e251019d7402f4bf43b7acf287cf69372885f1b.
/system/keymaster/aes_operation.cpp
5e251019d7402f4bf43b7acf287cf69372885f1b 08-Dec-2014 Shawn Willden <swillden@google.com> Add support for AES OCB encryption.

Change-Id: I97ab46fdce972d29af261041c41cf38d6904e736
/system/keymaster/aes_operation.cpp