0797016108191fcf54bec412702d13f1646da041 |
|
08-Jan-2018 |
Shawn Willden <swillden@google.com> |
Refactor AES operations to generalize block cipher operations. In preparation for adding 3DES support, this CL moves the code that does all the block cipher work from AesOperation to EvpBlockCipherOperation (and associated classes). To make it easier to see what was changed, the block cipher code was left in aes_operation.{cpp|h}. The next CL will move it to separate files. Test: make (local unit tests), CTS & VTS Change-Id: Ibbf870c351425ea8d990218aa0ae089d0b2ada4b
/system/keymaster/km_openssl/symmetric_key.cpp
|
59c6af81b6b510dd991ab04b8d65f1bab966d0c8 |
|
01-Jun-2017 |
Janis Danisevskis <jdanis@google.com> |
Key class takes ownership of AuthorizationSets The key object is constantly passed around together with the two authorization sets, while the Key class has a field for the combined authorizations sets. This is doubly awkward. 1. In the combined authorization list the information about the level of enforcement is lost. 2. The combined authorization list takes up memory that is up to the same size as the two separate authorization list which have roughly the same life cycle. Also the allocation of the additional memory can cause the constructor of Key to fail (i.e., in the TEE environment) which gave rise to the error [out] parameter to communicate the failure to the caller. With this patch, the constructor of Key takes ownership of the individual authorization lists. This preserves the information about the enforcement levels (1). The AuthorizationSets can now be passed around conveniently with the key it belongs to. The memory for authorizations is no longer duplicated (2). And the move semantic of the constructor guarantees that it can no longer fail obviating the need for the error [out] parameter. Additionally the Key class now keeps the original key blob around. It also got a key_factory_ field allowing a key to be associated with its factory. This is particularly useful for hybrid keymaster implementation where keys can have different factories, depending on their authorizations. Test: VtsHalKeymasterV3_0TargetTest Bug: 67358942 Change-Id: I1d235e16f9120b3d29ef4c71ff7a19d98700559f
/system/keymaster/km_openssl/symmetric_key.cpp
|
41d5a7486e335387c8dd9437e0c84b285b5c7f28 |
|
12-May-2017 |
Janis Danisevskis <jdanis@google.com> |
Factoring GenerateRandom out of the KeymasterContext GenerateRandom is never called by AndroidKeymaster and is, therefore, not requiered to be part of the KeymasterContext interface. This patch moves Generate Random out of KeymasterContext and introduces a new abstract interface GenerateRandom. It also provides a default openssl based impelemtation, SoftwareRandomSource. As of this patch GenerateRandom is still called by OperationTable which is part of the AndroidKeymaster core logic. This is why KeymasterContext still implements the new RandomSource interface unconditionally. This will change in a subsequent commit. Test: VtsHalKeymasterV3_0TargetTest Bug: 67358942 Change-Id: Ib16aeb80bf777d7b08d06deadae8a32de280f8ba
/system/keymaster/km_openssl/symmetric_key.cpp
|
da157a3b17b315c1c36f346c18037656946755aa |
|
12-May-2017 |
Janis Danisevskis <jdanis@google.com> |
Move CreateKeyBlob to SoftwareKeyBlobMaker CreateKeyBlob is an implementation specific function that is never called by AndroidKeymaster and, therefore, need not be part of the KeymasterContext interface. Test: VtsHalKeymasterV3_0TargetTest Bug: 67358942 Change-Id: I0cff878da878907be0f7b16a54dfd45f50d40ca5
/system/keymaster/km_openssl/symmetric_key.cpp
|
f54cc93ccf57a94f9a2c660dbf3e06494adf178d |
|
11-May-2017 |
Janis Danisevskis <jdanis@google.com> |
Reorganize keymaster directories Keymaster files have been reorganized into the following directories - android_keymaster The core android keymaster logic including some utilities that have no special libray dependencies - km_openssl Openssl based implementation primitives of android keymaster. These primitives can be used to implemented an openssl based software implementation of AndroidKeymaster. - legacy_support Primitives implemented in terms of older keymaster hal version. These primitives can be used to implement AndroidKeymaster in terms of keymaster 0 or 1 hals. They are used to provide wrappers around old keymaster hals, filling in missing features with software implementations. - contexts Implementations of various contexts from pure software to legacy hal hybrids. - key_blob_utils Support code for formatting keymaster key blobs including support for legacy android keymaster blob formats. Test: VtsHalKeymasterV3_0TargetTest Bug: 67358942 Change-Id: Ia8eacd301a5c5fa5f5f625caafcec5d07e168249
/system/keymaster/km_openssl/symmetric_key.cpp
|