History log of /system/keymaster/android_keymaster/android_keymaster.cpp
Revision Date Author Comments
d16d923716a4e54ca4c9003ff4b356705f1e10b7 22-Jan-2018 TreeHugger Robot <treehugger-gerrit@google.com> Merge "Add additional parameters to importWrappedKey"
3c665a20c7a63fc601b5d21d8bf7a1b5567ffa6f 19-Jan-2018 Shawn Willden <swillden@google.com> Add additional parameters to importWrappedKey

Bug: 31675676
Test: local unit tests and VtsHalKeymasterV4_0TargetTest
Change-Id: Ia865b035604b3d42ab5b3de6f22b2fac8400ddbf
/system/keymaster/android_keymaster/android_keymaster.cpp
18534d54bc4b5087dc10d4c8901ce38ed19669db 08-Jan-2018 Shawn Willden <swillden@google.com> Add VerifyAuthorization support.

Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I1f9a952ee2ad3605f67f58c9f57a46df57556f92
/system/keymaster/android_keymaster/android_keymaster.cpp
dd7e8a099bdc6310c066d7b99f29faa8d0932c86 12-Jan-2018 Shawn Willden <swillden@google.com> AndroidKeymaster: ImportWrappedKey

• Add KM_PURPOSE_WRAP for wrapped key import
• Parse the wrapped key format

Test: tests/android_keymaster_test

Change-Id: I06b61128ff72b119747cfce9cab754b22a13ec00
/system/keymaster/android_keymaster/android_keymaster.cpp
deffcb7efaac94b2c674247cb9888a0af3d7e256 08-Jan-2018 Shawn Willden <swillden@google.com> Move Key into Operation

The Keymaster implementation creates a Key object and then passes it
to an Operation object, which copies parts of it. The Key object is
not needed after the Operation has been created, so much of that
copying is unnecessary. This CL begins to change that by passing an
rvalue reference to the Key to the Operation, and modifying operations
so they move the pieces of the Key that they need out, wherever
possible.

Test: make (local unit tests), VTS and CTS
Change-Id: I6c9a27d9ee85ccaeed1efb0fcc3ed0f8694c5771
/system/keymaster/android_keymaster/android_keymaster.cpp
8b940582387a8a8f35584bd557b01a8b87610481 02-Jan-2018 Shawn Willden <swillden@google.com> Implement HMAC sharing in Android keymaster.

Test: make tests/android_keymaster_test.run
Change-Id: I5372b97e97a2e13bd551c422bb15d27246d8cb47
/system/keymaster/android_keymaster/android_keymaster.cpp
59c6af81b6b510dd991ab04b8d65f1bab966d0c8 01-Jun-2017 Janis Danisevskis <jdanis@google.com> Key class takes ownership of AuthorizationSets

The key object is constantly passed around together with the two
authorization sets, while the Key class has a field for the
combined authorization sets. This is doubly awkward.

1. In the combined authorization list the information
   about the level of enforcement is lost.
2. The combined authorization list takes up memory that is up to
   the same size as the two separate authorization lists which
   have roughly the same life cycle. Also the allocation
   of the additional memory can cause the constructor of Key
   to fail (i.e., in the TEE environment) which gave rise to the
   error [out] parameter to communicate the failure to the caller.

With this patch, the constructor of Key takes ownership of the
individual authorization lists. This preserves the information
about the enforcement levels (1). The AuthorizationSets can now
be passed around conveniently with the key it belongs to.
The memory for authorizations is no longer duplicated (2). And
the move semantic of the constructor guarantees that it can no
longer fail, obviating the need for the error [out] parameter.

Additionally the Key class now keeps the original key blob around.
It also got a key_factory_ field allowing a key to be associated
with its factory. This is particularly useful for hybrid keymaster
implementations where keys can have different factories, depending
on their authorizations.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: I1d235e16f9120b3d29ef4c71ff7a19d98700559f
/system/keymaster/android_keymaster/android_keymaster.cpp
dc877aea40979bb5a18206cd9cec7bb4f31442e2 15-May-2017 Janis Danisevskis <jdanis@google.com> UniquePtrize Operations

Have Operations handled by UniquePtrs. Also add
keymaster::remove_reference and keymaster::move to express
proper move semantics without requiring stl.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: I2b1802835316daa93e424c1ce1f49a03d00d93ff
/system/keymaster/android_keymaster/android_keymaster.cpp
f3dc0b841da2c8938e4a8081ef6c6199ed92c876 15-May-2017 Janis Danisevskis <jdanis@google.com> Moved operation handle generation into the begin operation

I moved the generation of an operation handle into the operation
implementation. Random number generation is highly
implementation dependent, and the bookkeeping of operations is
very generic.
An AndroidKeymaster implementation that uses another legacy
keymaster implementation does not need either. But while the
bookkeeping is very lightweight and self contained, the random
number generation pulls in dependencies (here openssl) which
are not needed. Therefore, I decided to move the generation of
operation handles out of the OperationTable (bookkeeping) and
into the begin operation, where dependencies to crypto functionality
already exist.

Edit: This patch now also includes the fix for Bug: 65286954
Previously fixed by CL: I320c5d03911942e873680ba0d7ea91044920e936

Bug: 65286954
Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: Idd27915e4f3db816d3257144fb9e1c664920ffba
/system/keymaster/android_keymaster/android_keymaster.cpp
3bfda165bb8a2b91dfe039c92f96cd50aa3d8c2e 12-May-2017 Janis Danisevskis <jdanis@google.com> Move attestation related code to separate compilation unit

Attestation related functions from KeymasterContext are never called by
AndroidKeymaster but rather by the code that implements attestation.
Therefore, this patch moves this interface from KeymasterContext to
AttestationRecordContext in attestation_record.h.

Also
- Move attestation key material to contexts/soft_attestation_certs for
  reuse by other contexts.
- Moved attestation related code from asymmetric_key to
  attestation_utils.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: I38ed66f69629893783dc639166855963ae7b43f6
/system/keymaster/android_keymaster/android_keymaster.cpp
a93a1fa619c986265cd8c06c9de2bd34c6d68152 12-May-2017 Janis Danisevskis <jdanis@google.com> Removed unused code and more cleanup

- whitespace fixes
- initialize uninitialized class field
- use existing typedef instead of longform of UniquePtr specialization

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: I18adb32952315a0392399c2d74a11d7990f435b0
/system/keymaster/android_keymaster/android_keymaster.cpp
41d5a7486e335387c8dd9437e0c84b285b5c7f28 12-May-2017 Janis Danisevskis <jdanis@google.com> Factoring GenerateRandom out of the KeymasterContext

GenerateRandom is never called by AndroidKeymaster and is, therefore,
not required to be part of the KeymasterContext interface.

This patch moves GenerateRandom out of KeymasterContext and introduces
a new abstract interface GenerateRandom. It also provides a default
openssl based implementation, SoftwareRandomSource.

As of this patch GenerateRandom is still called by OperationTable
which is part of the AndroidKeymaster core logic. This is why
KeymasterContext still implements the new RandomSource interface
unconditionally. This will change in a subsequent commit.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: Ib16aeb80bf777d7b08d06deadae8a32de280f8ba
/system/keymaster/android_keymaster/android_keymaster.cpp
f54cc93ccf57a94f9a2c660dbf3e06494adf178d 11-May-2017 Janis Danisevskis <jdanis@google.com> Reorganize keymaster directories

Keymaster files have been reorganized into the following directories
- android_keymaster
  The core android keymaster logic including some utilities that have
  no special library dependencies
- km_openssl
  Openssl based implementation primitives of android keymaster. These
  primitives can be used to implement an openssl based software
  implementation of AndroidKeymaster.
- legacy_support
  Primitives implemented in terms of older keymaster hal version.
  These primitives can be used to implement AndroidKeymaster in terms
  of keymaster 0 or 1 hals. They are used to provide wrappers around
  old keymaster hals, filling in missing features with software
  implementations.
- contexts
  Implementations of various contexts from pure software to legacy
  hal hybrids.
- key_blob_utils
  Support code for formatting keymaster key blobs including support
  for legacy android keymaster blob formats.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: Ia8eacd301a5c5fa5f5f625caafcec5d07e168249
/system/keymaster/android_keymaster/android_keymaster.cpp