History log of /system/keymaster/operation_table.cpp
Revision Date Author Comments
e30b8536b0d94874a2c0a9cc53df48a41ddf043b 21-Sep-2017 Shawn Willden <swillden@google.com> Fix handling of auth-per-op keys and software digesting

When keystore is using a keymaster1 hardware device that does not
implement all digest algorithms (as allowed by the KM1 spec), keystore
does digesting in software and uses the underlying keymaster1 hardware
to perform the core cryptographic operation.

When auth-per-operation keys (i.e. fingerprint-bound keys) are used, a
keymaster operation is created and associated with an "operation
handle" (64-bit integer). This handle is embedded in the authentication
token generated by the fingerprint matcher, which is what "unlocks" the
key for that one operation.

When those two situations are combined, the SoftKeymasterDevice which
wraps the hardware was caching the keymaster-generated operation handle
for use in completing the operation, but generating its own operation
handle which it returned to keystore. So the software layer's operation
handle got embedded in the auth token and when that auth token was
presented to the hardware, the hardware refused to accept it, since it
did not contain the hardware's operation handle.

The fix is to have the software wrapper use the underlying hardware's
operation handle.

Bug: 65286954
Test: Manually tested with app linked on above bug
Change-Id: I320c5d03911942e873680ba0d7ea91044920e936
/system/keymaster/operation_table.cpp
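The handle mismatch described in this commit, modelled as an added example in C++ (constructed for this page, not code from the keymaster project): a stand-in hardware device issues the operation handle and checks the auth token's challenge against it, and a wrapper either passes that handle through (the fix) or hands keystore a handle of its own (the bug). `HardwareDevice`, `SoftWrapper`, `AuthToken` and `AuthPerOpFlowSucceeds` are all hypothetical names.

```cpp
#include <cstdint>
#include <map>
// Constructed stand-in for the keymaster1 hardware: it issues the operation
// handle and only accepts an auth token whose challenge equals that handle.
struct AuthToken { uint64_t challenge; };

class HardwareDevice {
 public:
  uint64_t Begin() { return next_handle_++; }
  bool Finish(uint64_t handle, const AuthToken& token) { return handle == token.challenge; }
 private:
  uint64_t next_handle_ = 0x1000;
};

// Software wrapper that digests in software and delegates the core operation.
// With use_hw_handle=false it reproduces the bug: the hardware handle is cached
// but keystore is handed a handle of the wrapper's own, which is what the
// fingerprint matcher then embeds in the auth token.
class SoftWrapper {
 public:
  SoftWrapper(HardwareDevice* hw, bool use_hw_handle) : hw_(hw), use_hw_handle_(use_hw_handle) {}
  uint64_t Begin() {
    uint64_t hw_handle = hw_->Begin();
    uint64_t returned = use_hw_handle_ ? hw_handle : next_sw_handle_++;
    cached_hw_handle_[returned] = hw_handle;
    return returned;
  }
  bool Finish(uint64_t handle, const AuthToken& token) {
    auto it = cached_hw_handle_.find(handle);
    if (it == cached_hw_handle_.end()) return false;
    bool accepted = hw_->Finish(it->second, token);  // hardware validates the token
    cached_hw_handle_.erase(it);
    return accepted;
  }
 private:
  HardwareDevice* hw_;
  bool use_hw_handle_;
  uint64_t next_sw_handle_ = 1;
  std::map<uint64_t, uint64_t> cached_hw_handle_;
};

// Auth-per-op flow: keystore receives a handle from Begin, the matcher binds its
// token to that handle, and the token is presented when the operation finishes.
bool AuthPerOpFlowSucceeds(bool use_hw_handle) {
  HardwareDevice hw;
  SoftWrapper wrapper(&hw, use_hw_handle);
  uint64_t handle = wrapper.Begin();
  AuthToken token{handle};
  return wrapper.Finish(handle, token);
}
```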
f38a002624126ca837865826f948edc9100d6e8a 26-Apr-2017 Janis Danisevskis <jdanis@google.com> Make keymaster more self contained

Keymaster uses UniquePtr, a reimplementation of std::unique_ptr offered
by the Android framework. As keymaster becomes part of the Treble-ized
HAL, it must build with the vndk. As such it must not use framework
headers. An attempt to replace UniquePtr with std::unique_ptr, which
is available in the vndk, failed because keymaster, i.e., parts thereof,
must also build and run in the Trusty environment which does not have
a full C++ STL.

This patch makes keymaster more self contained. To that end the
following was done by this patch.

* Install a copy of UniquePtr.h in include/keymaster.
* Add a tiny subset of STL symbols to keymaster.
* Reorganize linking units and
* build parts of keymaster with stl: "none".

libkeymaster1 was split into libkeymaster_portable and libkeymaster.
The former comprises all compilation units that are included
in the keymaster TA (trusted app) and must run on Trusty.
This library is built with the option stl: "none" to raise
compilation errors as soon as someone tries to use STL features.
A tiny subset of STL symbols, which are also available in Trusty
is weakly defined in keymaster_stl.cpp.
The latter library comprises some other functionality that is
used by the softkeymasterdevice on Android and may use the STL.

Bug: 37467707
Test: keymaster vts tests and keystore cts test
Change-Id: I884336e1a2d2c6402a2c7deb27010fd88b907b6b
/system/keymaster/operation_table.cpp
cf3763f666d2236159a22b496b6ede55878aa100 03-May-2017 Janis Danisevskis <jdanis@google.com> Revert "Make keymaster more self contained"

This reverts commit dcd67c1dd0a457feec619974b3d7d077903012a8.

Reason for revert: build breakage

Change-Id: Id7a1b29d82f69ab21e7c461dbabc4e1466870359
/system/keymaster/operation_table.cpp
dcd67c1dd0a457feec619974b3d7d077903012a8 26-Apr-2017 Janis Danisevskis <jdanis@google.com> Make keymaster more self contained

Keymaster uses UniquePtr, a reimplementation of std::unique_ptr offered
by the Android framework. As keymaster becomes part of the Treble-ized
HAL, it must build with the vndk. As such it must not use framework
headers. An attempt to replace UniquePtr with std::unique_ptr, which
is available in the vndk, failed because keymaster, i.e., parts thereof,
must also build and run in the Trusty environment which does not have
a full C++ STL.

This patch makes keymaster more self contained. To that end the
following was done by this patch.

* Install a copy of UniquePtr.h in include/keymaster.
* Add a tiny subset of STL symbols to keymaster.
* Reorganize linking units and
* build parts of keymaster with stl: "none".

libkeymaster1 was split into libkeymaster_portable and libkeymaster.
The former comprises all compilation units that are included
in the keymaster TA (trusted app) and must run on Trusty.
This library is built with the option stl: "none" to raise
compilation errors as soon as someone tries to use STL features.
A tiny subset of STL symbols, which are also available in Trusty
is weakly defined in keymaster_stl.cpp.
The latter library comprises some other functionality that is
used by the softkeymasterdevice on Android and may use the STL.

Test: keymaster vts tests and keystore cts test
Change-Id: Iba03b45cc3d20854c577160f90fe24bfa7857986
/system/keymaster/operation_table.cpp
0f906ec40f6ade7955c6b967ea522aade54ea2e4 20-Jun-2015 Shawn Willden <swillden@google.com> Add buffer wrap checks and disable throwing of std::bad_alloc.

Android is built with exceptions disabled, but "operator new" and
"operator new[]" still throw std::bad_alloc on failure rather than
returning new. In general this is a good thing, because it will cause
an immediate crash of the process rather than assigning a null pointer
which is probably not checked. But most memory allocations in Keymaster
are checked, because it's written to run in an environment where new
does *not* throw. This CL updates the code to explicitly use the
non-throwing new.

A handful of throwing news remain, but only in places where a crash on
failure is appropriate.

In addition, this CL also inserts buffer wrap checks in key locations
and changes the development-machine Makefile to build in 32-bit mode, to
make memory problems more apparent.

Bug: 21888473
Change-Id: I8ebc5ec12053e4f5274f6f57ce312abc10611cef
/system/keymaster/operation_table.cpp
344549836442988693f27be8252c31bd2ebefdee 30-Apr-2015 Shawn Willden <swillden@google.com> Modify RAND_bytes calls to handle -1 return code.

Bug: 20554394
Change-Id: I54dce88f7bb90bd5660e9d3a7be9b9646bcc12bd
(cherry picked from commit 9ee79fb55049c242b12e067df1a824f18622ccfd)
/system/keymaster/operation_table.cpp
6f49e5f4e0e9698357417ea8ea26f3b86a2793db 20-Mar-2015 Chad Brubaker <cbrubaker@google.com> Remove calls to Entry::~Entry in Delete

The code was using ~Entry to clear the entry for later. Using a
destructed object is undefined behavior, and the object wasn't actually
being zeroed, causing the table to fill up so that no new operations could
be started.

Change-Id: I236043cc9796e2c6def210b10634de7fa489a8d9
/system/keymaster/operation_table.cpp
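A fixed-size operation table whose Delete() resets the slot by hand instead of invoking the entry's destructor, as an added example in C++ illustrating the failure mode this commit fixed (constructed for this page, not the project's own operation_table.cpp); `OperationTable`, `Operation` and `SlotIsReusedAfterDelete` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
struct Operation { int state = 0; };  // constructed stand-in for an operation

// Delete() releases the operation and zeroes the slot by hand rather than calling
// Entry::~Entry on a live object: that explicit destructor call is undefined
// behaviour and, as the commit notes, left slots looking occupied until the
// table filled up and no new operation could start.
class OperationTable {
 public:
  struct Entry {
    Operation* operation = nullptr;
    uint64_t handle = 0;
  };
  explicit OperationTable(size_t size) : size_(size), table_(new Entry[size]) {}
  ~OperationTable() {
    for (size_t i = 0; i < size_; ++i) delete table_[i].operation;
    delete[] table_;
  }
  // Takes ownership of op; returns its handle, or 0 when every slot is in use.
  uint64_t Add(Operation* op) {
    for (size_t i = 0; i < size_; ++i) {
      if (table_[i].operation == nullptr) {
        table_[i].operation = op;
        table_[i].handle = next_handle_++;
        return table_[i].handle;
      }
    }
    delete op;
    return 0;
  }
  bool Delete(uint64_t handle) {
    for (size_t i = 0; i < size_; ++i) {
      if (table_[i].operation != nullptr && table_[i].handle == handle) {
        delete table_[i].operation;
        table_[i].operation = nullptr;  // the slot is free again
        table_[i].handle = 0;
        return true;
      }
    }
    return false;
  }
 private:
  size_t size_;
  Entry* table_;
  uint64_t next_handle_ = 1;
};
// A full table must accept a new operation again once one entry has been deleted.
bool SlotIsReusedAfterDelete() {
  OperationTable table(2);
  uint64_t h1 = table.Add(new Operation), h2 = table.Add(new Operation);
  if (h1 == 0 || h2 == 0 || table.Add(new Operation) != 0) return false;
  return table.Delete(h1) && !table.Delete(h1) && table.Add(new Operation) != 0;
}
```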
23d4a742109fa29d6be20d3dc56a1b48797fe7b2 19-Mar-2015 Shawn Willden <swillden@google.com> Revert "Revert "Refactor GoogleKeymaster's operation table to a new class.""

This reverts commit 5a665cdeb6b4e44c57b0c0855e09045f8e2d2226. It also
incorporates one small change: operation_table.h #includes keymaster_defs.h
rather than keymaster1.h. This is important to avoid breaking Trusty.

Change-Id: Ia320d8599ea1d73930669fa61a82201ec1f833e8
/system/keymaster/operation_table.cpp
bfd323c639dae9a9c8f386cf099aec3e810a934b 19-Mar-2015 Shawn Willden <swillden@google.com> Revert "Refactor GoogleKeymaster's operation table to a new class."

This reverts commit 09d4ba3322e9a8b7c0e2d4a6c3dcacd7aed5ae22.

This is to unbreak Trusty build.

Change-Id: I47f90516a9e80e0c24bcea956072226bb7829991
/system/keymaster/operation_table.cpp
09d4ba3322e9a8b7c0e2d4a6c3dcacd7aed5ae22 04-Mar-2015 Shawn Willden <swillden@google.com> Refactor GoogleKeymaster's operation table to a new class.

This makes it reusable for Keymaster0Adapter.

Bug: 19508876
Change-Id: I38bdcf2ef9e9945ded2f15172962f6a997279100
/system/keymaster/operation_table.cpp