5b2143b0fc60699e134274d55a0c4e821bd39603 |
|
11-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix inconsistent error condition Keymaster1Engine::GetKeymaster1PublicKey may propagate an error condition in two different ways, depending on how it fails. If it returns nullptr the error may be set in the error parameter or it may be in the state of openSSL. The caller of this function would try to retrieve the error from openSSL regardless of how it failed. This is wrong. With this patch,GetKeymaster1PublicKey retrieves the error from openSSL when it happens and consistently returns an error code in the error parameter. This patch also modifies the callers to check for errors accordingly. Test: ran full keystore CTS test Change-Id: Id6f4c14657e3742d900f4e27aaf74379616c7b9c
/system/keymaster/keymaster1_engine.cpp
|
ea1bd6220dc9f2872c8b2376a7888742208690e9 |
|
15-Dec-2016 |
David Benjamin <davidben@google.com> |
Tidy up *_METHOD setup. Avoid enumerating all fields and instead zero-initialize everything. Also remove the bn_mod_exp setters. That hook is ignored. (I'm not sure it's ever been necessary to set it.) See https://boringssl.googlesource.com/boringssl/+/master/include/openssl/rsa.h#576 Change-Id: Id420492bbf91f0c03a080a7d6b83c859b7fc74e8 Test: mmm system/keymaster
/system/keymaster/keymaster1_engine.cpp
|
f764e06882608a29478091550999b5b4ee58a504 |
|
06-Nov-2015 |
Adam Langley <agl@google.com> |
system/keymaster: insulate the code from BoringSSL changes. memsetting structures to zero means that future additions or removals of fields that you don't care about won't break this code. Additions would be especially nasty because they would be uninitialised, probably non-NULL and the compiler wouldn't notice. Change-Id: Iebfcc336998d851f96d13a89f528501da40c48c9
/system/keymaster/keymaster1_engine.cpp
|
01d8f24c45067bc3d909e3aae9a72582f3c985a1 |
|
16-Nov-2015 |
Shawn Willden <swillden@google.com> |
Fix pass-through of deletion on wrapped KM0 and KM1. SoftKeymasterDevice was incorrectly directly sending deletion requests to wrapped hardware. In some cases the key blob passed in by SoftKeymasterDevice is a hardware blob encapsulated by a wrapper, and we need to remove the encapsulation before passing it on. Bug: 25676862 Change-Id: Ic315c6b08d9ec15aa0be8f28f485a221bc7f1135
/system/keymaster/keymaster1_engine.cpp
|
fabacaf3e6019804cc8a98a2b8296be1d0125519 |
|
26-Mar-2015 |
Thai Duong <thaidn@google.com> |
ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves. Change-Id: I5af3215e96bb015049574aa18327cd7f7499dbd3
/system/keymaster/keymaster1_engine.cpp
|
1181779c5e6c8627b94067d86db6a2f7d5309674 |
|
23-Nov-2015 |
Shawn Willden <swillden@google.com> |
Revert "ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves." This reverts commit 41998988331ff38e922a59ef008896beb3145ba0. Change-Id: Ifed6b4e5a69310770373a396271f02da5c9d8934
/system/keymaster/keymaster1_engine.cpp
|
41998988331ff38e922a59ef008896beb3145ba0 |
|
26-Mar-2015 |
Thai Duong <thaidn@google.com> |
ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves. Change-Id: Iea5877eba0a9b13610d3d1b33d04b5657edc3550
/system/keymaster/keymaster1_engine.cpp
|
d599b15c0693950bdc72fb867872044fdc484ef5 |
|
28-Jul-2015 |
Shawn Willden <swillden@google.com> |
Do digesting, and sometimes padding, in SW when HW doesnt. The keymaster1 specification only requires HW modules to implement SHA256 out of the list of keymaster1 digest modes. That would force many keys to be software only, and would break legacy scenarios. This change uses SoftKeymasterDevice to front keymaster modules that don't implement the full suite of digests, quietly inserting KM_DIGEST_NONE and KM_PAD_NONE into key generation/import requests when necessary, then performing the digesting, and sometimes padding, in software, then delegating crypto operations to the hardware. This is only done for RSA and EC keys. Software digesting isn't possible for HMAC or AES-GCM keys. Note that this is not the complete fix for the bug. Some changes in keystore are also required, coming in another CL. Bug: 22529223 Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/keymaster1_engine.cpp
|