History log of /system/keymaster/openssl_utils.h
Revision Date Author Comments
f38a002624126ca837865826f948edc9100d6e8a 26-Apr-2017 Janis Danisevskis <jdanis@google.com> Make keymaster more self contained

Keymaster uses UniquePtr, a reimplementation of std::unique_ptr offered
by the Android framework. As keymaster becomes part of the trebbelized
HAL, it must build with the vndk. As such it must not use framework
headers. An attempt to replace UniquePtr with std::unique_ptr, which
is available in the vndk, failed because keymaster, i.e., parts thereof,
must also build and run in the Trusty environment which does not have
a full C++ STL.

This patch makes keymaster more self contained. To that end the
following was done by this patch.

* Install a copy of UniquePtr.h in include/keymaster.
* Add a tiny subset of STL symbols to keymaster.
* Reorganize linking units and
* build parts of keymaster with stl: "none".

libkeymaster1 was split into libkeymaster_portable and libkeymaster.
The former comprises all compilation units that are included
in the keymaster TA (trusted app) and must run on Trusty.
This library is built with the option stl: "none" to raise
compilation errors as soon as someone tries to use STL features.
A tiny subset of STL symbols, which are also available in Trusty,
is weakly defined in keymaster_stl.cpp.
The latter library comprises some other functionality that is
used by the softkeymasterdevice on Android and may use the STL.

Bug: 37467707
Test: keymaster vts tests and keystore cts test
Change-Id: I884336e1a2d2c6402a2c7deb27010fd88b907b6b
/system/keymaster/openssl_utils.h
cf3763f666d2236159a22b496b6ede55878aa100 03-May-2017 Janis Danisevskis <jdanis@google.com> Revert "Make keymaster more self contained"

This reverts commit dcd67c1dd0a457feec619974b3d7d077903012a8.

Reason for revert: build breakage

Change-Id: Id7a1b29d82f69ab21e7c461dbabc4e1466870359
/system/keymaster/openssl_utils.h
dcd67c1dd0a457feec619974b3d7d077903012a8 26-Apr-2017 Janis Danisevskis <jdanis@google.com> Make keymaster more self contained

Keymaster uses UniquePtr, a reimplementation of std::unique_ptr offered
by the Android framework. As keymaster becomes part of the trebbelized
HAL, it must build with the vndk. As such it must not use framework
headers. An attempt to replace UniquePtr with std::unique_ptr, which
is available in the vndk, failed because keymaster, i.e., parts thereof,
must also build and run in the Trusty environment which does not have
a full C++ STL.

This patch makes keymaster more self contained. To that end the
following was done by this patch.

* Install a copy of UniquePtr.h in include/keymaster.
* Add a tiny subset of STL symbols to keymaster.
* Reorganize linking units and
* build parts of keymaster with stl: "none".

libkeymaster1 was split into libkeymaster_portable and libkeymaster.
The former comprises all compilation units that are included
in the keymaster TA (trusted app) and must run on Trusty.
This library is built with the option stl: "none" to raise
compilation errors as soon as someone tries to use STL features.
A tiny subset of STL symbols, which are also available in Trusty,
is weakly defined in keymaster_stl.cpp.
The latter library comprises some other functionality that is
used by the softkeymasterdevice on Android and may use the STL.

Test: keymaster vts tests and keystore cts test
Change-Id: Iba03b45cc3d20854c577160f90fe24bfa7857986
/system/keymaster/openssl_utils.h
e2f93d451d9412dc639689d71856801a0c9e0f28 13-Jul-2016 Chih-Hung Hsieh <chh@google.com> Fix google-explicit-constructor warnings in keymaster.
am: 5d5e42b081

Change-Id: I79d188487898ec0072546ef26ef89788ea61cdf6
5d5e42b081646208e134a96d0cb500e6b6e8f043 12-Jul-2016 Chih-Hung Hsieh <chh@google.com> Fix google-explicit-constructor warnings in keymaster.

Declare explicit conversion constructors.

Bug: 28341362
Change-Id: Iee7c71c96ca01174bad5d8852888f0af9bc80242
Test: build with clang-tidy
/system/keymaster/openssl_utils.h
d487dc9e95162f249048bd31d4191a0d50b77496 25-Apr-2016 Shawn Willden <swillden@google.com> Add key usage extension to attestation certificates.

SoftKeymaster doesn't add the key usage extension to attestation
certificates, as required by RFC 5280 and the attestation design doc.

Bug: 28366730
Change-Id: Ic782a032c8b39754d60bca98126acff7b3179678
/system/keymaster/openssl_utils.h
aa58329b5bc3b30c6a01221b2a89808ebf347650 28-Jan-2016 Shawn Willden <swillden@google.com> Revert "Revert "Add attestation support to Key classes.""

This reverts commit 722d8a41268d9a6819b27d217b177709571b5548.

Change-Id: If085e5e9a9b77763420d9c7883414a4ca368d2b2
/system/keymaster/openssl_utils.h
722d8a41268d9a6819b27d217b177709571b5548 28-Jan-2016 Shawn Willden <swillden@google.com> Revert "Add attestation support to Key classes."

This reverts commit 4d0465999644336d636442a86795293298b22035.

Change-Id: I53d386e0d95c25e794ef88801d80e80ccfeea768
/system/keymaster/openssl_utils.h
4d0465999644336d636442a86795293298b22035 06-Jan-2016 Shawn Willden <swillden@google.com> Add attestation support to Key classes.

Also make it a bit easier to define pointers to OpenSSL types.

Bug: 22914603
Change-Id: Iccfe04a58e7d5e45f0dc0e83b72856fcb04e83f0
/system/keymaster/openssl_utils.h
f7538e0127ec2cb5202b0cbc64ad8305aae6243b 21-May-2015 Quan Nguyen <quannguyen@google.com> KDF1 and KDF2

Change-Id: I34a1116adf650eb5fe7937940d7bb768fd28b9a1
/system/keymaster/openssl_utils.h
fabacaf3e6019804cc8a98a2b8296be1d0125519 26-Mar-2015 Thai Duong <thaidn@google.com> ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves.

Change-Id: I5af3215e96bb015049574aa18327cd7f7499dbd3
/system/keymaster/openssl_utils.h
1181779c5e6c8627b94067d86db6a2f7d5309674 23-Nov-2015 Shawn Willden <swillden@google.com> Revert "ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves."

This reverts commit 41998988331ff38e922a59ef008896beb3145ba0.

Change-Id: Ifed6b4e5a69310770373a396271f02da5c9d8934
/system/keymaster/openssl_utils.h
41998988331ff38e922a59ef008896beb3145ba0 26-Mar-2015 Thai Duong <thaidn@google.com> ECIES: add ECIES-KEM. This version supports HKDF and ECDH with NIST curves.

Change-Id: Iea5877eba0a9b13610d3d1b33d04b5657edc3550
/system/keymaster/openssl_utils.h
d599b15c0693950bdc72fb867872044fdc484ef5 28-Jul-2015 Shawn Willden <swillden@google.com> Do digesting, and sometimes padding, in SW when HW doesn't.

The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes. That would force
many keys to be software only, and would break legacy scenarios. This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.

This is only done for RSA and EC keys. Software digesting isn't
possible for HMAC or AES-GCM keys.

Note that this is not the complete fix for the bug. Some changes in
keystore are also required, coming in another CL.

Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
/system/keymaster/openssl_utils.h
d530305019e1ccc1e30a4f8edeb88db3d126e235 22-Jun-2015 Shawn Willden <swillden@google.com> Validate input sizes for RSA and ECDSA signing/verification ops.

Bug: 21955742
Change-Id: I4385a6539229b174facd5f04ce0391e2e8c3608d
/system/keymaster/openssl_utils.h
0f906ec40f6ade7955c6b967ea522aade54ea2e4 20-Jun-2015 Shawn Willden <swillden@google.com> Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.

A handful of throwing news remain, but only in places where a crash on
failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.

Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
/system/keymaster/openssl_utils.h
398c158a0206217025f327c2d26bb6c86659f5a0 28-May-2015 Shawn Willden <swillden@google.com> Move asymmetric key factory declarations to includes.

This exposes EcKeyFactory and RsaKeyFactory so they can be used for
constructing the Trusty KeymasterContext. Note that there are no code
changes, just reorganization.

Change-Id: I8e8e068fb875f9d9c5c35320a545347dc33bc507
/system/keymaster/openssl_utils.h
6270aca8571399aca8ea538acd7386ddecdcc112 26-May-2015 Shawn Willden <swillden@google.com> Delegate ECDSA keys to keymaster0 in SoftKeymasterDevice.

Bug: 20912868
Change-Id: If63899e3244aed45d939d0165e6d94a1caa9d220
/system/keymaster/openssl_utils.h
2beb628bfefae72fa6bb84a6235da7e3de532823 21-May-2015 Shawn Willden <swillden@google.com> Delegate RSA keys to keymaster0 in SoftKeymasterDevice.

Bug: 20912868
Change-Id: I515a125f1247357d2cd9b4633c3b223590848093
/system/keymaster/openssl_utils.h
4d306ec792b4348253aa77dff965bff5def1dccb 04-Mar-2015 Shawn Willden <swillden@google.com> Factor PKCS8 to EVP conversion out of AsymmetricKey.

Bug: 19508876
Change-Id: I7d5a7363a43c47dc33b0de53040b593de096e1c3
/system/keymaster/openssl_utils.h
b9d584d3dacc8041e5502cd0d036e21895eb6dc6 23-Jan-2015 Shawn Willden <swillden@google.com> Switch to using keymaster_defs.h from libhardware.

In the past it was convenient to have a local copy of this file
(for reasons which no longer apply).

Change-Id: Ie4a6f80abd16c77c0252f64ec65f2beeeef9a7a3
/system/keymaster/openssl_utils.h
2c8dd3e93d66fed41561933105e6050ff0655d76 18-Sep-2014 Shawn Willden <swillden@google.com> Refactor: Separate asymmetric key types.

Change-Id: I3368798a8ecea319bb0bfcd6ff24e9a7b6287c80
/system/keymaster/openssl_utils.h
28e41475a2559824a0f3f2c850ed92a65c586f95 18-Aug-2014 Shawn Willden <swillden@google.com> Add DSA key generation.

Also refactor RSA key generation a bit.

Change-Id: I838ff58210f0a3be41f04c7e945e998751fca9f5
/system/keymaster/openssl_utils.h