History log of /hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
Revision Date Author Comments
a22bc7450b8a114843a27c36c511910bf4472914 03-May-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Fix Keymaster HAL crash." into oc-dev
0c3dd48665d0ed6501b828d42fb946d05fdbdafb 12-Apr-2017 Janis Danisevskis <jdanis@google.com> Fix KM3.0 deleteKey behavior inconsistent with VTS test.

Keymaster 3.0 VTS test required that deleteKey returns
ErrorCode::OK even if the key blob parameter is invalid or garbage.
The rationale is that deleteKey shall have the invariant that
key blobs are unusable after the deleteKey call. If it was unusable
before, this invariant is upheld.

This patch makes the legacy wrapper for the Keymaster HAL translate
an ErrorCode::INVALID_KEY_BLOB returned by the legacy delete_key to
ErrorCode::OK.

Bug: 37351644
Test: Manually run VtsHalKeymasterV3_0TargetTest with legacy keymaster
HAL installed (tested with sailfish)

Change-Id: Ib22c8b8e10334770a1d4a5570acf16c2c52a6c60
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
fa67c8fc1d2c50ea9d4e04492d06f992ea65d2b6 24-Apr-2017 Shawn Willden <swillden@google.com> Fix Keymaster HAL crash.

Test: VTS test validates this fix
Change-Id: I5996c2166cf4141c97424df64a380f45b001d52e
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
8304a9040c60150504376aad87ba334e8afd3605 20-Apr-2017 Bartosz Fabianowski <bartfab@google.com> Finish adding manufacturer and model to device ID attestation

This is a follow-up to change I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c,
where manufacturer and model were added to the set of attestable device
IDs.

Bug: 37522655
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: Ied4246f4fc490feb2093f04c268aab83c8e1326d
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
dc9965665e90a9ac11486838f472e262e68d1e0d 12-Apr-2017 Shawn Willden <swillden@google.com> Require attestation app ID.

Bug: 37318025
Test: Manually tested
Change-Id: Iaa992c8d22e0c88c2a2570355199befa484adc19
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
63e15f079062579a1b1866026eee0fca5d677fb7 30-Mar-2017 Shawn Willden <swillden@google.com> Revert "Revert "Add keymaster VTS tests.""

This reverts commit 8e10baee45a1bfab4094869159b8ede270b6d416.

Test: Tests pass, except known failures with in-progress vendor fixes
Change-Id: Ia95c1444100e123fa65d095b001878cf9040d0c4
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
8e10baee45a1bfab4094869159b8ede270b6d416 29-Mar-2017 Keun Soo Yim <yim@google.com> Revert "Add keymaster VTS tests."

This reverts commit dda22ea8845f6906d4bccc13bf142d96a43976c5.

Change-Id: Ie6a60e17ed5258840eba3d3f6b8092636160b2c2
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
dda22ea8845f6906d4bccc13bf142d96a43976c5 02-Dec-2016 Shawn Willden <swillden@google.com> Add keymaster VTS tests.

Note: Recent Google devices have keymaster implementations that don't
pass this test suite. See https://goo.gl/6hsGwa for a summary.

Bug: 32022681
Test: This is the test suite.
Change-Id: Ib200b68e0c7844df02eb9f086385d6c36e306d45
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
031b6050b17358538e27211c0cdb1021235290e5 28-Mar-2017 Shawn Willden <swillden@google.com> Revert "Add auth token parsing to IKeymasterDevice.hal"

This reverts commit 62f63c7ddbd08737e298a97975754225e5da0126.

Reason for revert: b/36637075

Bug: 36637075
Change-Id: Ie0e8d0b480047a7c68f266e7e5d8a31722f85128
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
62f63c7ddbd08737e298a97975754225e5da0126 17-Feb-2017 Shawn Willden <swillden@google.com> Add auth token parsing to IKeymasterDevice.hal

Auth tokens have an unfortunate dual character. To most of the system
they are opaque blobs that are intended only to be obtained from one
HAL (e.g. gatekeeper or fingerprint) and passed to another
HAL (keymaster), but keystore actually needs to extract some bits of
information from them in order to determine which of the available blobs
should be provided for a given keymaster key operation.

This CL adds a method that resolves this dual nature by moving the
responsibility of parsing blobs to the HAL so that no component of the
framework has to make any assumptions about their content and all can
treat them as fully opaque. This still means that the various HAL
implementers have to agree on content, but they also have to agree on an
HMAC key which must be securely distributed to all at every boot, so
asking them to agree on an auth token format is perfectly
acceptable. But now the Android system doesn't have to care about the
format.

Bug: 32962548
Test: CTS tests pass, plus manual testing.
Change-Id: I78aa6e4ea9c5d8f34906b0969909387e2c5894e6
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
d4417fb98233bf090755fb2eba580c8e33d1714b 23-Feb-2017 Shawn Willden <swillden@google.com> Add digest support and implementation name to getHardwareFeatures

This is needed to support the keystore statistics gathering initiative.
It will allow us to get information about what kinds of keymaster
implementations exist in the ecosystem, and which ones fail in which
ways.

Bug: 36549319
Test: Will add to VTS tests
Change-Id: I49ee4623656060d69a6de7723b11cd715150451a
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
dc039363d9a7e7ea19696b938173f81405e85860 23-Mar-2017 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add manufacturer and model to device ID attestation"
b77dbe37c10d9508275a8021ee7a99c10e0e1612 22-Mar-2017 Janis Danisevskis <jdanis@google.com> Check for unimplemented keymaster function delete_key

delete_key is optional and may not be implemented by
a legacy hal. So the function pointer must be checked for
nullptr prior to being used.

Bug: 36500704
Test: run VTS tests with legacy hal that does not implement delete_key
Change-Id: Ie51dd173314826ef260319153c7df96d88b8a42f
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
2377553df2c46394029c43e4fb1eb2c500b434fe 20-Mar-2017 Bartosz Fabianowski <bartfab@google.com> Add manufacturer and model to device ID attestation

Discussions have shown that in addition to brand, device and product,
we should also allow devices to attest their manufacturer and model.

Bug: 36433192
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
50624e995d07b8fa214f8e0885696445df470018 13-Feb-2017 Bartosz Fabianowski <bartfab@google.com> Have generateKey() treat additional entropy as optional

KeyStore.generateKey() takes an entropy parameter. This is optional
and can be null. That is how KeyStore used to work but a recent
refactor made us always feed the entropy to keymaster, even if it
is empty (null or byte[0] on the Java side). This CL makes us ignore
such empty entropy again.

We only noticed this because a recently added GTS test that happens
to set the entropy to null is failing on some hardware (other
keymaster implementations silently ignore this invalid attempt to
set entropy).

Bug: 35156555
Test: gts-tradefed run gts --module GtsGmscoreHostTestCases
--test com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: Iadaf40e69350c17dd18e4dc2a1dab97fa911e1bf
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
aac0fc739eeee0e94cac113f3e37ebc878547341 23-Jan-2017 Bartosz Fabianowski <bartfab@google.com> Add device id attestation

This adds device id attestation to the Keymaster 3.0 HAL. Device
id attestation must only be offered if the device can permanently
destroy device ids on request. The default implementation cannot
do this because it lacks storage that would survive device wipes.
Hence, the implementation refuses all device id attestation requests.

Bug: 34597337
Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest

Change-Id: I6ff6146fad4656b8e1367650de922124b3d7f7b2
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp
0f35e5a013bfd7f65d3065b3e9fc72aa5a63edc3 12-Oct-2016 Janis Danisevskis <jdanis@google.com> Add default implementation for binderized Keymaster HAL and service

The default implementation loads the device's legacy keymaster hal
and wraps it in a softkeymasterdevice if the capabilities of the
device are less than keymaster 2.

Test: builds
Bug: 32020919
Change-Id: Ia7e274673b77c2712c386d573715ed3725b0c158
/hardware/interfaces/keymaster/3.0/default/KeymasterDevice.cpp