81b7b5f68ce27b146933e93dc601e9e6de27473a |
|
20-Mar-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add manufacturer and model to device ID attestation Discussions have shown that in addition to brand, device and product, we should also allow devices to attest their manufacturer and model. Bug: 36433192 Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest Change-Id: I126003420a93241e04bf18ee7ff8e6aefa5599a8
/hardware/libhardware/include/hardware/keymaster_defs.h
|
38925770ef26c6adaa8b4d343c642f1ed8f9bdd3 |
|
25-Jan-2017 |
Frank Salim <franksalim@google.com> |
Revert "Add new purpose to the HAL layer." This reverts commit ee2f29de40a45a3d4660aacf02bca99f1aa134f5. Reason for revert: Remove partial support for wrapped key import Change-Id: Iefb57c910a3d05fa9e2c9660c2ac236c2ecc9cc0
/hardware/libhardware/include/hardware/keymaster_defs.h
|
9d2f5b911e758b372abccf10ff25c926929a217a |
|
23-Jan-2017 |
Bartosz Fabianowski <bartfab@google.com> |
Add device id attestation tags This syncs the keymaster defs with the Keymaster 3.0 HAL definition after the addition of device id attestation. Bug: 34597337 Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest Change-Id: I75a4b7cca6da83b239fba97964415788dbcd8862
/hardware/libhardware/include/hardware/keymaster_defs.h
|
ee2f29de40a45a3d4660aacf02bca99f1aa134f5 |
|
04-Jan-2017 |
Crystal Qin <crystalyq@google.com> |
Add new purpose to the HAL layer. Test: There will be a CTS test CL. Change-Id: Ic623b7be8949fe0adb3706958a9be59f267057c4
/hardware/libhardware/include/hardware/keymaster_defs.h
|
0b885c10323743e86f9dc620e443bf53c77b47cd |
|
06-Oct-2016 |
Tucker Sylvestro <tuckeris@google.com> |
Treat all tags as unsigned when comparing them am: 28a872eb79 am: 8f1436275a Change-Id: I2b3f571ed02470ab6b1e46f7d239fbd767c68225
|
28a872eb797716868770a2115a6ef55f2178df6d |
|
05-Oct-2016 |
Tucker Sylvestro <tuckeris@google.com> |
Treat all tags as unsigned when comparing them All tags are presumed to be unsigned, but some of them have signed representations that are negative. This caused problems in AuthorizationSet.Deduplicate, where TAG_APPLICATION_DATA (signed rep of -1879047492) was being sorted before TAG_INVALID (0), which was presumed to always be first in the list. BUG: 30701680 Change-Id: I67047cee21fd7617248022a4674779fe80d5ddfd
/hardware/libhardware/include/hardware/keymaster_defs.h
|
3696685df4a57bb1cf6ef3a0e99c0ea7a2368ff3 |
|
01-Jun-2016 |
Janis Danisevskis <jdanis@google.com> |
add error code KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING This error code is required by keystore. Bug: 22914603 Change-Id: Icda276cb6b6faf2c0bb0c98a3c5700612a92e51b
/hardware/libhardware/include/hardware/keymaster_defs.h
|
b62995e42e434d328a5f41dd3844e06df24323a9 |
|
20-May-2016 |
Janis Danisevskis <jdanis@google.com> |
add tag KM_TAG_ATTESTATION_APPLICATION_ID This tag is used by keystore for denoting key attestation applications IDs Bug: 22914603 Change-Id: Ie92352686123e0172ca0df20f54059a4c92c319c
/hardware/libhardware/include/hardware/keymaster_defs.h
|
e366efd5bb89b2e7556055c5287c4e81e8820785 |
|
20-Mar-2016 |
Shawn Willden <swillden@google.com> |
Zero length in keymaster_free_param_set. Change-Id: I0b9999e4c148d70369549cbd2fcdbbff7321a587
/hardware/libhardware/include/hardware/keymaster_defs.h
|
aeb15d64fc331476150622fc693222e3d920b9ec |
|
19-Mar-2016 |
Shawn Willden <swillden@google.com> |
Add keymaster_security_level_t for attestation. Change-Id: Iffa71e3c285d35c2feafd04e8153306f086a3118
/hardware/libhardware/include/hardware/keymaster_defs.h
|
3080276974953e4c61716a71760831f392a75986 |
|
10-Mar-2016 |
Shawn Willden <swillden@google.com> |
Remove agree_key and add configure to keymaster2. Key agreement (ECDH) has been punted from the N release, and a configuration method has been added to support version binding. Change-Id: Ia4aeee1bd7ab88cda3b9faa653470e608aa55942
/hardware/libhardware/include/hardware/keymaster_defs.h
|
7fd11186a6731402fd5a33b26da9edf738dd750b |
|
03-Feb-2016 |
Shawn Willden <swillden@google.com> |
Add KM_TAG_ATTESTATION_CHALLENGE. Bug: 22914603 Change-Id: Ibf1341f47ab3cecd4a8e3099b819c5cac0d81b17
/hardware/libhardware/include/hardware/keymaster_defs.h
|
ef01d9796740b44d098ea1de355cb62af4f52cb5 |
|
29-Jan-2016 |
Shawn Willden <swillden@google.com> |
Merge "Add KM_TAG_ALLOW_WHILE_ON_BODY." am: f704e8a939 am: b9733d9bff * commit 'b9733d9bff225ae0b16feeb64283b123225af465': Add KM_TAG_ALLOW_WHILE_ON_BODY.
|
71ca0109becc23c7cfe49c57cbcb56e142667771 |
|
26-Jan-2016 |
Shawn Willden <swillden@google.com> |
Add KM_TAG_ALLOW_WHILE_ON_BODY. Change-Id: I39ca0eee8be46a6acc65e975aad81d2f2c2aa5b8
/hardware/libhardware/include/hardware/keymaster_defs.h
|
1227f460cee2745a790b42611aee4dce82d2d4d6 |
|
25-Jan-2016 |
Shawn Willden <swillden@google.com> |
Merge "Add keymaster2 HAL." am: 0c5612db38 am: 7b4766882d * commit '7b4766882d1a11a4b87570e7f0b83c5116a64f07': Add keymaster2 HAL.
|
cf30fe17fd6e367b43884a3091939fe6aa0ab603 |
|
22-Dec-2015 |
Shawn Willden <swillden@google.com> |
Add keymaster2 HAL. Change-Id: Ibfcda30f33077f61e74701fa026983f9e72e140e
/hardware/libhardware/include/hardware/keymaster_defs.h
|
20e4f8ea3b175ee4d73ef12cbc28d00185f16fc5 |
|
23-Nov-2015 |
Shawn Willden <swillden@google.com> |
Merge "ECIES: adding ECIES-KEM" am: 3aa7935ef2 am: 7adb2d457c am: 2eef78d355 * commit '2eef78d355c62f3e1b5ec626a080a7e3f91257c9': ECIES: adding ECIES-KEM
|
40d59c8155ba3e47126993d96031ea088e45b22d |
|
03-Apr-2015 |
Thai Duong <thaidn@google.com> |
ECIES: adding ECIES-KEM Change-Id: Iea5877eba0a9b13610d3d1b33d04b5657edc3550
/hardware/libhardware/include/hardware/keymaster_defs.h
|
a3c0ae16ac1a9f7a8fced4b196d138cefa9462a5 |
|
12-Aug-2015 |
Chad Brubaker <cbrubaker@google.com> |
Fix benign unsigned overflow On the last check of the conditional param_count-- causes an unsigned wrap around. This isn't incorrect but does lead to a false positive with fsanitize unsigned-integer-overflow Change-Id: If3eb7a9e248d0404a434de2ead70e8c099e84ddf
/hardware/libhardware/include/hardware/keymaster_defs.h
|
70335f3d30cf32a6f0352b75430aa6474821399d |
|
08-Jul-2015 |
Shawn Willden <swillden@google.com> |
Correct keymaster1 documentation. Bug: 22291207 Change-Id: I130d2ab2110321dc2228d41a154750da3a3f0b75
/hardware/libhardware/include/hardware/keymaster_defs.h
|
a3f0ab55a73d4c21de9f34ec21f27a2609b568fd |
|
08-Jul-2015 |
Shawn Willden <swillden@google.com> |
Add KM_TAG_MIN_MAC_LENGTH. This allows the binding of minimum length for MACs or tags to HMAC keys and AEAD symmetric keys. Later attempts to use these keys with a shorter MAC or tag specification (provided to begin() with KM_TAG_MAC_LENGTH) will fail with KM_ERROR_INVALID_MAC_LENGTH. Bug: 22337277 Change-Id: Ic5292ce01bdd6ecde25aad115e4b407aadc85f23
/hardware/libhardware/include/hardware/keymaster_defs.h
|
fe6bcfa71d7f79029b5b44d5fe8d7f8a80a967b2 |
|
24-Jun-2015 |
Shawn Willden <swillden@google.com> |
Revert "Revert "Rename keymaster tag types to clarify that integers are unsigned."" This reverts commit 1fb6c227deb04b66dc0fe947a7ebb027dde0ecda. Change-Id: Iccc8a7ff40a694b1e4420a5de4b847e62289ff42
/hardware/libhardware/include/hardware/keymaster_defs.h
|
1fb6c227deb04b66dc0fe947a7ebb027dde0ecda |
|
24-Jun-2015 |
Shawn Willden <swillden@google.com> |
Revert "Rename keymaster tag types to clarify that integers are unsigned." This reverts commit 335920edaec77b77eac09f7966c337cbed93aa17. Change-Id: Ib65f744b93ad2b62d5848dcf743397124a08911b
/hardware/libhardware/include/hardware/keymaster_defs.h
|
335920edaec77b77eac09f7966c337cbed93aa17 |
|
24-Jun-2015 |
Shawn Willden <swillden@google.com> |
Rename keymaster tag types to clarify that integers are unsigned. Bug: 22008538 Change-Id: I699a0f03aaf0f9f49a78b310763364fc2fb34c90
/hardware/libhardware/include/hardware/keymaster_defs.h
|
396d6cbce987deac076ac1a636d3f7282ec9338d |
|
18-Jun-2015 |
Shawn Willden <swillden@google.com> |
Add new error codes for rate-limit and max-use failures. Bug: 21607106 Change-Id: I2e5515efe51b84200ade8c4c4cc5db3800d4b658
/hardware/libhardware/include/hardware/keymaster_defs.h
|
7ac0c0f5ad1a7f5cc317b8f8d356edbb7f02ed24 |
|
18-Jun-2015 |
Shawn Willden <swillden@google.com> |
Update comments on now-unsed user ID and app ID tags. I'd just remove them but Trusty keymaster has been generating keys with KM_TAG_ALL_USERS and KM_TAG_ALL_APPLICATIONS, so removing them without breaking those keys is tricky. Plus I think they may come back. Bug: 21845167 Change-Id: I3b807e3e4bee64eba72b7fa6f1ee1929c4ca9dd0
/hardware/libhardware/include/hardware/keymaster_defs.h
|
da89dde9787dfbd8c053119ab52d9e671106b18e |
|
18-Jun-2015 |
Shawn Willden <swillden@google.com> |
Remove KM_TAG_AEAD_TAG. Bug: 19919114 Change-Id: I06fdd0f9b8e247587d800031d3367078423baa50
/hardware/libhardware/include/hardware/keymaster_defs.h
|
7eaa15ffa65239e8f4f23d21ff1a6ed66ed9a13f |
|
03-Jun-2015 |
Shawn Willden <swillden@google.com> |
Fix extern "C" guards. Change-Id: Ibc8e023e3712903dbcbfac5fc64223e32775fe40
/hardware/libhardware/include/hardware/keymaster_defs.h
|
4144c64818fcb88905bc2632e3747be3681a1405 |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAG Bug: 19919114 Change-Id: I384f3d2fee2f68279c6518d9ac0a79e29bed0e52
/hardware/libhardware/include/hardware/keymaster_defs.h
|
4c19a3af3535eb3442ff7cc4235420baf16322b7 |
|
01-Jun-2015 |
Shawn Willden <swillden@google.com> |
Fix block mode numbering (CTR got added as 4 rather than 3) Change-Id: I8c886c67ba081255ef18eb0f99ca1e6003fabb33
/hardware/libhardware/include/hardware/keymaster_defs.h
|
fb769fc3125d2939683f2f5bff2cf25816e5838c |
|
11-May-2015 |
Shawn Willden <swillden@google.com> |
Add KM_TAG_BOOTLOADER_ONLY. Change-Id: Ia507a1378487640683985dbce2e76679261900d3 (cherry picked from commit 3eed99a54b55a120c835de63b5872121b2fe98d1)
/hardware/libhardware/include/hardware/keymaster_defs.h
|
9b31a49c3633895d9a2bf08ddb2ea73f8e8d0c64 |
|
11-May-2015 |
Shawn Willden <swillden@google.com> |
Remove rescoping. Rescoping was never a very good solution to the problem of supporting multiple sets of authorizations for a given key material. For M we're removing it and in the future a better solution will be provided. Change-Id: I6f7585274487bd66e4d90e89014af41e9aa30411 (cherry picked from commit 7f10ab99fc63e99252d924b9e0bdfefef5374b40)
/hardware/libhardware/include/hardware/keymaster_defs.h
|
4bdd7cbd47c7b89f6a47c3dbba648a3d95f9a45d |
|
28-Apr-2015 |
Shawn Willden <swillden@google.com> |
Add KM_ERROR_CALLER_NONCE_PROHIBITED error code. Bug: 20127433 Change-Id: I32eab62459003c526d3cf9ef108be7b2fd709960
/hardware/libhardware/include/hardware/keymaster_defs.h
|
d359b044830b292f492f8a8df5471f869e358399 |
|
13-Apr-2015 |
Shawn Willden <swillden@google.com> |
Add KM_ORIGIN_UNKNOWN. This designates keys whose origin cannot be determined because the keymaster implementation is old and did not record it. Change-Id: I3c366d527ed211c59f6dc04ddb48f3e9b3a07c7d
/hardware/libhardware/include/hardware/keymaster_defs.h
|
fe895d1bf7fa366f2ca0b0fdebb1be07339cbcd2 |
|
26-Feb-2015 |
Shawn Willden <swillden@google.com> |
Make several key crypto parameters repeatable. Note that there's a pre-requisite to landing this CL: The Nexus 9 keystore.flounder.so must be modified to translate between new and old tag numbers when the TEE side is version 0. Bug: 19509156 Change-Id: Ic584d8a6bf5601f9754563b67b3cc6b3ca6b5ff9
/hardware/libhardware/include/hardware/keymaster_defs.h
|
8d6cf2594c9524205a6f5823378d1b983a1ad073 |
|
07-Apr-2015 |
Shawn Willden <swillden@google.com> |
Simplify keymaster_key_origin_t. Change-Id: Iaba6156f238ea3bb1ad103b88ccea17344d296af
/hardware/libhardware/include/hardware/keymaster_defs.h
|
cd640d125f389576f15af75101dd2b372e907aca |
|
07-Apr-2015 |
Shawn Willden <swillden@google.com> |
Reduce the list of keymaster key formats to the required set. Change-Id: I3a0830ab2066d4c16c084d19040ec98e520896d4
/hardware/libhardware/include/hardware/keymaster_defs.h
|
8412fdc42866b4d5c07370f06c2767a4cad5c23a |
|
07-Apr-2015 |
Shawn Willden <swillden@google.com> |
Reduce the list of keymaster padding modes to the required set. Change-Id: If04ffc8e92678f57e2b730f77c0fab195e1096c4
/hardware/libhardware/include/hardware/keymaster_defs.h
|
fe6c4f0633aa88c1cb84a46362cc74de1c4ddd1e |
|
07-Apr-2015 |
Shawn Willden <swillden@google.com> |
Reduce keymaster digest list to required set. Change-Id: Id5c660feb7e71ea76473523e3a86e1ba01f19c82
/hardware/libhardware/include/hardware/keymaster_defs.h
|
c7deedad047c6e5833daeaa2a73f25b77ba0b9eb |
|
07-Apr-2015 |
Shawn Willden <swillden@google.com> |
Reduce keymaster block modes to the required set. Change-Id: I8f804978208e2c8701bd52dc79b5597a307b7e7a
/hardware/libhardware/include/hardware/keymaster_defs.h
|
e9797a740c913cff9152f89d04fd6fb360dda048 |
|
07-Apr-2015 |
Shawn Willden <swillden@google.com> |
Reduce keymaster algorithm list to the required set. Change-Id: Ibffddc5c3a5c728182f5ca7f6a76381413fc8645
/hardware/libhardware/include/hardware/keymaster_defs.h
|
4719acae0218b38226b6479a400efdcbb3593f21 |
|
14-Mar-2015 |
Shawn Willden <swillden@google.com> |
Add KM_TAG_USER_SECURE_ID. This tag identifies the user authorized to use the key. Unlike KM_TAG_USER_ID, its value does not reference the Linux-side user ID, but a secure-world user ID, generated and managed by secure-world authentication apps. Bug: 19511945 Change-Id: I629ab2c47ee6d42de20a963ef283e330364c8ee7
/hardware/libhardware/include/hardware/keymaster_defs.h
|
c51d01ed029458e8809eeb9c16f9ed2dbe755be4 |
|
19-Mar-2015 |
Shawn Willden <swillden@google.com> |
Use extern "C" rather than BEGIN/END_DECLS. For compatibility with Trusty. I'll probably revert this later after I find a proper fix for Trusty. Change-Id: I49b4ae55251398eec2a6633e09bbc468f16a4d14
/hardware/libhardware/include/hardware/keymaster_defs.h
|
c3ab05c3c40311cdae88eed35dc8884ecb5b1fd9 |
|
14-Mar-2015 |
Shawn Willden <swillden@google.com> |
Add KM_TAG_AUTH_TOKEN and corresponding auth token structure. We may want to put the auth token structure elsewhere; it's consumed by keymaster but produced by other components. Bug: 19511945 Change-Id: Id9a22ad32137f3e0380c2812f790bbecab511d11
/hardware/libhardware/include/hardware/keymaster_defs.h
|
ed94111cce5b3b6fff9833f99ea80f4ab7b37c04 |
|
12-Mar-2015 |
Shawn Willden <swillden@google.com> |
Add error codes. Change-Id: I78cac1887fd41dd426e7d125a5f9c54e73188983
/hardware/libhardware/include/hardware/keymaster_defs.h
|
67411d6f5116c52c1b82330b6cd096974636db36 |
|
04-Mar-2015 |
Shawn Willden <swillden@google.com> |
Add keymaster_key_param_compare function. This provides a reasonable ordering for params. Change-Id: I1e3b403070d9e7621cc55c03ff9876ea3bbc699f
/hardware/libhardware/include/hardware/keymaster_defs.h
|
fd4b4d5a9b692bbeedc310f3bc970d849035f43d |
|
24-Feb-2015 |
Shawn Willden <swillden@google.com> |
Separate keymaster0 and keymaster1 HALs. For now the keymaster1 HAL still includes all of the keymaster0 entry points, and soft_keymaster_device will continue to implement them. In the near future the keymaster0 entry points will be removed, as soon as we can ensure that keystore no longer needs them. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
/hardware/libhardware/include/hardware/keymaster_defs.h
|
340d0b12c5446f1d8c38209780fb00c205289d37 |
|
21-Feb-2015 |
Alex Klyubin <klyubin@google.com> |
Clarify the meaning of KM_TAG_MAC_LENGTH. Change-Id: I18478923059783e955613142a8d3352f98f5d7b0
/hardware/libhardware/include/hardware/keymaster_defs.h
|
0e5fca1ca4777f5f5d5fa8bd0de139e42077881b |
|
18-Feb-2015 |
Shawn Willden <swillden@google.com> |
Merge changes Id4bdfdcb,Ib94f3606 * changes: Added insecure (chunkless) AEAD option. Add additional param lists to update and finish.
|
892ae44c5f805f6ac64e6e756964c79998411742 |
|
18-Feb-2015 |
Shawn Willden <swillden@google.com> |
Merge "Rename KM_TAG_ADDITIONAL_DATA to KM_TAG_ASSOCIATED_DATA"
|
f883b988e7fa3b750c5a4b0ed8b53ce999ca3842 |
|
13-Feb-2015 |
Chad Brubaker <cbrubaker@google.com> |
Add explicit values to keymaster_key_format_t Change-Id: I4113286396b16ca687fbd8bc38b2f16063fc1024
/hardware/libhardware/include/hardware/keymaster_defs.h
|
79d79346843e03e390ccc61787959ab9e59edf0f |
|
10-Feb-2015 |
Shawn Willden <swillden@google.com> |
Added insecure (chunkless) AEAD option. Also moved chunk length specification to operation parameter rather than keygen parameter. Change-Id: Id4bdfdcb1c7b64b3f22b4027e037e37c2860ec39
/hardware/libhardware/include/hardware/keymaster_defs.h
|
67ba9e8144ba65ef6fe55bf8211530f2a55b320c |
|
07-Feb-2015 |
Shawn Willden <swillden@google.com> |
Rename KM_TAG_ADDITIONAL_DATA to KM_TAG_ASSOCIATED_DATA Change-Id: Ieddd706ee205100719f7e2f9e18b3d9b07c37669
/hardware/libhardware/include/hardware/keymaster_defs.h
|
e1b7636ca1c60b766a195ad20b3e2957f1edb375 |
|
03-Feb-2015 |
Shawn Willden <swillden@google.com> |
Add raw key format, for symmetric key import. Change-Id: I38700cdafcf1f244584d6e88f8d9540c70a7de56
/hardware/libhardware/include/hardware/keymaster_defs.h
|
f7745ac27e45cb3935f66d7b26ce46e952032893 |
|
03-Feb-2015 |
Shawn Willden <swillden@google.com> |
Remove "required" label from DSA algorithm. Change-Id: I088e6094ec56f434356d11ab2032b1a5b1223334
/hardware/libhardware/include/hardware/keymaster_defs.h
|
41e91e9fa3ac011ade869238f3ce0b3f3ce1e025 |
|
30-Jan-2015 |
Shawn Willden <swillden@google.com> |
Add tag to allow caller-specified nonce. Change-Id: I7c3c5bd5f26a4d465554c998f673e0ee2ab8b86e
/hardware/libhardware/include/hardware/keymaster_defs.h
|
6b424bea8074c997745b3758f8fde0ef925e3218 |
|
26-Jan-2015 |
Shawn Willden <swillden@google.com> |
Rename KM_ERROR_UNSUPPORTED_TAG_LENGTH to KM_ERROR_UNSUPPORTED_MAC_LENGTH. Change-Id: I514a136b5cbdb1ab1df67d44a22d68a09427a711
/hardware/libhardware/include/hardware/keymaster_defs.h
|
dc0007bdb41f4ed49bc7a6e30908967cea503bf7 |
|
23-Jan-2015 |
Shawn Willden <swillden@google.com> |
Change per-boot tag and remove rescope auth timeout tag. Change the boolean KM_TAG_SINGLE_USE_PER_BOOT to an integer-valued KM_TAG_USES_PER_BOOT. This makes it more flexible without changing implementation complexity. Remove KM_TAG_RESCOPE_AUTH_TIMEOUT because there's no clear use case and it seems unnecessarily complex. Change-Id: Iad1512f5cc80f517e5ea7622288179c162bed2ad
/hardware/libhardware/include/hardware/keymaster_defs.h
|
9d645a003b0d77462a5f9696a238aacc32580f07 |
|
12-Jun-2014 |
Shawn Willden <swillden@google.com> |
Define keymaster HAL v0.4. Change-Id: I040412443bbbe25bce3d44759d710b78eac36caa
/hardware/libhardware/include/hardware/keymaster_defs.h
|