| 5b2143b0fc60699e134274d55a0c4e821bd39603 |
|
11-Jan-2017 |
Janis Danisevskis <jdanis@google.com> |
Fix inconsistent error condition
Keymaster1Engine::GetKeymaster1PublicKey may propagate an error
condition in two different ways, depending on how it fails.
If it returns nullptr the error may be set in the error parameter
or it may be in the state of openSSL. The caller of this function
would try to retrieve the error from openSSL regardless of how
it failed. This is wrong.
With this patch,GetKeymaster1PublicKey retrieves the error from
openSSL when it happens and consistently returns an error code
in the error parameter.
This patch also modifies the callers to check for errors
accordingly.
Test: ran full keystore CTS test
Change-Id: Id6f4c14657e3742d900f4e27aaf74379616c7b9c
/system/keymaster/keymaster1_engine.cpp
|
| ea1bd6220dc9f2872c8b2376a7888742208690e9 |
|
15-Dec-2016 |
David Benjamin <davidben@google.com> |
Tidy up *_METHOD setup.
Avoid enumerating all fields and instead zero-initialize everything.
Also remove the bn_mod_exp setters. That hook is ignored. (I'm not sure
it's ever been necessary to set it.)
See https://boringssl.googlesource.com/boringssl/+/master/include/openssl/rsa.h#576
Change-Id: Id420492bbf91f0c03a080a7d6b83c859b7fc74e8
Test: mmm system/keymaster
/system/keymaster/keymaster1_engine.cpp
|
| f764e06882608a29478091550999b5b4ee58a504 |
|
06-Nov-2015 |
Adam Langley <agl@google.com> |
system/keymaster: insulate the code from BoringSSL changes.
memsetting structures to zero means that future additions or removals of
fields that you don't care about won't break this code. Additions would
be especially nasty because they would be uninitialised, probably
non-NULL and the compiler wouldn't notice.
Change-Id: Iebfcc336998d851f96d13a89f528501da40c48c9
/system/keymaster/keymaster1_engine.cpp
|
| 01d8f24c45067bc3d909e3aae9a72582f3c985a1 |
|
16-Nov-2015 |
Shawn Willden <swillden@google.com> |
Fix pass-through of deletion on wrapped KM0 and KM1.
SoftKeymasterDevice was incorrectly directly sending deletion requests
to wrapped hardware. In some cases the key blob passed in by
SoftKeymasterDevice is a hardware blob encapsulated by a wrapper, and we
need to remove the encapsulation before passing it on.
Bug: 25676862
Change-Id: Ic315c6b08d9ec15aa0be8f28f485a221bc7f1135
/system/keymaster/keymaster1_engine.cpp
|
| fabacaf3e6019804cc8a98a2b8296be1d0125519 |
|
26-Mar-2015 |
Thai Duong <thaidn@google.com> |
ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves.
Change-Id: I5af3215e96bb015049574aa18327cd7f7499dbd3
/system/keymaster/keymaster1_engine.cpp
|
| 1181779c5e6c8627b94067d86db6a2f7d5309674 |
|
23-Nov-2015 |
Shawn Willden <swillden@google.com> |
Revert "ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves."
This reverts commit 41998988331ff38e922a59ef008896beb3145ba0.
Change-Id: Ifed6b4e5a69310770373a396271f02da5c9d8934
/system/keymaster/keymaster1_engine.cpp
|
| 41998988331ff38e922a59ef008896beb3145ba0 |
|
26-Mar-2015 |
Thai Duong <thaidn@google.com> |
ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves.
Change-Id: Iea5877eba0a9b13610d3d1b33d04b5657edc3550
/system/keymaster/keymaster1_engine.cpp
|
| d599b15c0693950bdc72fb867872044fdc484ef5 |
|
28-Jul-2015 |
Shawn Willden <swillden@google.com> |
Do digesting, and sometimes padding, in SW when HW doesnt.
The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes. That would force
many keys to be software only, and would break legacy scenarios. This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.
This is only done for RSA and EC keys. Software digesting isn't
possible for HMAC or AES-GCM keys.
Note that this is not the complete fix for the bug. Some changes in
keystore are also required, coming in another CL.
Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/keymaster1_engine.cpp
|