a22bc7450b8a114843a27c36c511910bf4472914 |
|
03-May-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Fix Keymaster HAL crash." into oc-dev
|
0c3dd48665d0ed6501b828d42fb946d05fdbdafb |
|
12-Apr-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix KM3.0 deleteKey behavior inconsistent with VTS test. Keymaster 3.0 VTS test required that deleteKey returns ErrorCode::OK even if the key blob parameter is invalid or garbage. The rationale is that deleteKey shall have the invariant that key blobs are unusable after the deleteKey call. If it was unusable before, this invariant is upheld. This patch makes the legacy wrapper for the Keymaster HAL translate an ErrorCode::INVALID_KEY_BLOB retuned by the legacy delete_key to ErrorCode::OK. Bug: 37351644 Test: Manually run VtsHalKeymasterV3_0TargetTest with legacy keymaster HAL installed (tested with sailfish) Change-Id: Ib22c8b8e10334770a1d4a5570acf16c2c52a6c60
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
fa67c8fc1d2c50ea9d4e04492d06f992ea65d2b6 |
|
24-Apr-2017 |
Shawn Willden <swillden@google.com> |
Fix Keymaster HAL crash. Test: VTS test validates this fix Change-Id: I5996c2166cf4141c97424df64a380f45b001d52e
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
8304a9040c60150504376aad87ba334e8afd3605 |
|
20-Apr-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Finish adding manufacturer and model to device ID attestation This is a follow-up to change I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c, where manufacturer and model were added to the set of attestable device IDs. Bug: 37522655 Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest Change-Id: Ied4246f4fc490feb2093f04c268aab83c8e1326d
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
dc9965665e90a9ac11486838f472e262e68d1e0d |
|
12-Apr-2017 |
Shawn Willden <swillden@google.com> |
Require attestation app ID. Bug: 37318025 Test: Manually tested Change-Id: Iaa992c8d22e0c88c2a2570355199befa484adc19
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
63e15f079062579a1b1866026eee0fca5d677fb7 |
|
30-Mar-2017 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Add keymaster VTS tests."" This reverts commit 8e10baee45a1bfab4094869159b8ede270b6d416. Test: Tests pass, except known failures with in-progress vendor fixes Change-Id: Ia95c1444100e123fa65d095b001878cf9040d0c4
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
8e10baee45a1bfab4094869159b8ede270b6d416 |
|
29-Mar-2017 |
Keun Soo Yim <yim@google.com> |
Revert "Add keymaster VTS tests." This reverts commit dda22ea8845f6906d4bccc13bf142d96a43976c5. Change-Id: Ie6a60e17ed5258840eba3d3f6b8092636160b2c2
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
dda22ea8845f6906d4bccc13bf142d96a43976c5 |
|
02-Dec-2016 |
Shawn Willden <swillden@google.com> |
Add keymaster VTS tests. Note: Recent Google devices have keymaster implementations that don't pass this test suite. See https://goo.gl/6hsGwa for a summary. Bug: 32022681 Test: This is the test suite. Change-Id: Ib200b68e0c7844df02eb9f086385d6c36e306d45
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
031b6050b17358538e27211c0cdb1021235290e5 |
|
28-Mar-2017 |
Shawn Willden <swillden@google.com> |
Revert "Add auth token parsing to IKeymasterDevice.hal" This reverts commit 62f63c7ddbd08737e298a97975754225e5da0126. Reason for revert: b/36637075 Bug: 36637075 Change-Id: Ie0e8d0b480047a7c68f266e7e5d8a31722f85128
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
62f63c7ddbd08737e298a97975754225e5da0126 |
|
17-Feb-2017 |
Shawn Willden <swillden@google.com> |
Add auth token parsing to IKeymasterDevice.hal Auth tokens have an unfortunate dual character. To most of the system they are opaque blobs that are intended only to be obtained from one HAL (e.g. gatekeeper or fingerprint) and passed to another HAL (keymaster), but keystore actually needs to extract some bits of information from them in order to determine which of the available blobs should be provided for a given keymaster key operation. This CL adds a method that resolves this dual nature by moving the responsibility of parsing blobs to the HAL so that no component of the framework has to make any assumptions about their content and all can treat them as fully opaque. This still means that the various HAL implementers have to agree on content, but they also have to agree on an HMAC key which much be securely distributed to all at every boot, so asking them to agree on an auth token format is perfectly acceptable. But now the Android system doesn't have to care about the format. Bug: 32962548 Test: CTS tests pass, plus manual testing. Change-Id: I78aa6e4ea9c5d8f34906b0969909387e2c5894e6
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
d4417fb98233bf090755fb2eba580c8e33d1714b |
|
23-Feb-2017 |
Shawn Willden <swillden@google.com> |
Add digest support and implementation name to getHardwareFeatures This is needed to support the keystore statistics gathering initiative. It will allow us to get information about what kinds of keymaster implementations exist in the ecosystem, and which ones fail in which ways. Bug: 36549319 Test: Will add to VTS tests Change-Id: I49ee4623656060d69a6de7723b11cd715150451a
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
dc039363d9a7e7ea19696b938173f81405e85860 |
|
23-Mar-2017 |
TreeHugger Robot <treehugger-gerrit@google.com> |
Merge "Add manufacturer and model to device ID attestation"
|
b77dbe37c10d9508275a8021ee7a99c10e0e1612 |
|
22-Mar-2017 |
Janis Danisevskis <jdanis@google.com> |
Check for unimplemented keymaster function delete_key delete_key is optional and may not be implemented by a legacy hal. So the function pointer must be checked for nullptr prior to being used. Bug: 36500704 Test: run VTS tests with legacy hal that does not implement delete_key Change-Id: Ie51dd173314826ef260319153c7df96d88b8a42f
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
2377553df2c46394029c43e4fb1eb2c500b434fe |
|
20-Mar-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add manufacturer and model to device ID attestation Discussions have shown that in addition to brand, device and product, we should also allow devices to attest their manufacturer and model. Bug: 36433192 Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest Change-Id: I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
50624e995d07b8fa214f8e0885696445df470018 |
|
13-Feb-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Have generateKey() treat additional entropy as optional KeyStore.generateKey() takes an entropy parameter. This is optional and can be null. That is how KeyStore used to work but a recent refactor made us always feed the entropy to keymaster, even if it is empty (null or byte[0] on the Java side). This CL makes us ignore such empty entropy again. We only noticed this because a recently added GTS test that happens to set the entropy to null is failing on some hardware (other keymaster implementations silently ignore this invalid attempt to set entropy). Bug: 35156555 Test: gts-tradefed run gts --module GtsGmscoreHostTestCases --test com.google.android.gts.security.DeviceIdAttestationHostTest Change-Id: Iadaf40e69350c17dd18e4dc2a1dab97fa911e1bf
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
aac0fc739eeee0e94cac113f3e37ebc878547341 |
|
23-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add device id attestation This adds device id attestation to the Keymaster 3.0 HAL. Device id attestation must only be offered if the device can permanently destroy device ids on request. The default implementation cannot do this because it lacks storage that would survive device wipes. Hence, the implementation refuses all device id attestation requests. Bug: 34597337 Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest Change-Id: I6ff6146fad4656b8e1367650de922124b3d7f7b2
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|
0f35e5a013bfd7f65d3065b3e9fc72aa5a63edc3 |
|
12-Oct-2016 |
Janis Danisevskis <jdanis@google.com> |
Add default implementation for binderized Keymaster HAL and service The default implementation loads the device's legacy keymaster hal and wraps in a softkeymasterdevice if the capabilities of the device is less than keymaster 2. Test: builds Bug: 32020919 Change-Id: Ia7e274673b77c2712c386d573715ed3725b0c158
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
|