History log of /system/keymaster/km_openssl/symmetric_key.cpp
Revision Date Author Comments
0797016108191fcf54bec412702d13f1646da041 08-Jan-2018 Shawn Willden <swillden@google.com> Refactor AES operations to generalize block cipher operations.

In preparation for adding 3DES support, this CL moves the code that
does all the block cipher work from AesOperation to
EvpBlockCipherOperation (and associated classes). To make it easier
to see what was changed, the block cipher code was left in
aes_operation.{cpp|h}. The next CL will move it to separate files.

Test: make (local unit tests), CTS & VTS
Change-Id: Ibbf870c351425ea8d990218aa0ae089d0b2ada4b
/system/keymaster/km_openssl/symmetric_key.cpp
59c6af81b6b510dd991ab04b8d65f1bab966d0c8 01-Jun-2017 Janis Danisevskis <jdanis@google.com> Key class takes ownership of AuthorizationSets

The key object is constantly passed around together with the two
authorization sets, while the Key class has a field for the
combined authorization sets. This is doubly awkward.

1. In the combined authorization list the information
   about the level of enforcement is lost.
2. The combined authorization list takes up memory that is up to
   the same size as the two separate authorization lists, which
   have roughly the same life cycle. Also the allocation
   of the additional memory can cause the constructor of Key
   to fail (i.e., in the TEE environment) which gave rise to the
   error [out] parameter to communicate the failure to the caller.

With this patch, the constructor of Key takes ownership of the
individual authorization lists. This preserves the information
about the enforcement levels (1). The AuthorizationSets can now
be passed around conveniently with the key it belongs to.
The memory for authorizations is no longer duplicated (2). And
the move semantic of the constructor guarantees that it can no
longer fail, obviating the need for the error [out] parameter.

Additionally the Key class now keeps the original key blob around.
It also got a key_factory_ field allowing a key to be associated
with its factory. This is particularly useful for hybrid keymaster
implementations where keys can have different factories, depending
on their authorizations.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: I1d235e16f9120b3d29ef4c71ff7a19d98700559f
/system/keymaster/km_openssl/symmetric_key.cpp
41d5a7486e335387c8dd9437e0c84b285b5c7f28 12-May-2017 Janis Danisevskis <jdanis@google.com> Factoring GenerateRandom out of the KeymasterContext

GenerateRandom is never called by AndroidKeymaster and is, therefore,
not required to be part of the KeymasterContext interface.

This patch moves GenerateRandom out of KeymasterContext and introduces
a new abstract interface GenerateRandom. It also provides a default
openssl based implementation, SoftwareRandomSource.

As of this patch GenerateRandom is still called by OperationTable
which is part of the AndroidKeymaster core logic. This is why
KeymasterContext still implements the new RandomSource interface
unconditionally. This will change in a subsequent commit.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: Ib16aeb80bf777d7b08d06deadae8a32de280f8ba
/system/keymaster/km_openssl/symmetric_key.cpp
da157a3b17b315c1c36f346c18037656946755aa 12-May-2017 Janis Danisevskis <jdanis@google.com> Move CreateKeyBlob to SoftwareKeyBlobMaker

CreateKeyBlob is an implementation specific function that is never
called by AndroidKeymaster and, therefore, need not be part of the
KeymasterContext interface.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: I0cff878da878907be0f7b16a54dfd45f50d40ca5
/system/keymaster/km_openssl/symmetric_key.cpp
f54cc93ccf57a94f9a2c660dbf3e06494adf178d 11-May-2017 Janis Danisevskis <jdanis@google.com> Reorganize keymaster directories

Keymaster files have been reorganized into the following directories
- android_keymaster
  The core android keymaster logic including some utilities that have
  no special library dependencies
- km_openssl
  Openssl based implementation primitives of android keymaster. These
  primitives can be used to implement an openssl based software
  implementation of AndroidKeymaster.
- legacy_support
  Primitives implemented in terms of older keymaster hal version.
  These primitives can be used to implement AndroidKeymaster in terms
  of keymaster 0 or 1 hals. They are used to provide wrappers around
  old keymaster hals, filling in missing features with software
  implementations.
- contexts
  Implementations of various contexts from pure software to legacy
  hal hybrids.
- key_blob_utils
  Support code for formatting keymaster key blobs including support
  for legacy android keymaster blob formats.

Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: Ia8eacd301a5c5fa5f5f625caafcec5d07e168249
/system/keymaster/km_openssl/symmetric_key.cpp