59c6af81b6b510dd991ab04b8d65f1bab966d0c8 |
|
01-Jun-2017 |
Janis Danisevskis <jdanis@google.com> |
Key class takes ownership of AuthorizationSets The key object is constantly passed around together with the two authorization sets, while the Key class has a field for the combined authorizations sets. This is doubly awkward. 1. In the combined authorization list the information about the level of enforcement is lost. 2. The combined authorization list takes up memory that is up to the same size as the two separate authorization list which have roughly the same life cycle. Also the allocation of the additional memory can cause the constructor of Key to fail (i.e., in the TEE environment) which gave rise to the error [out] parameter to communicate the failure to the caller. With this patch, the constructor of Key takes ownership of the individual authorization lists. This preserves the information about the enforcement levels (1). The AuthorizationSets can now be passed around conveniently with the key it belongs to. The memory for authorizations is no longer duplicated (2). And the move semantic of the constructor guarantees that it can no longer fail obviating the need for the error [out] parameter. Additionally the Key class now keeps the original key blob around. It also got a key_factory_ field allowing a key to be associated with its factory. This is particularly useful for hybrid keymaster implementation where keys can have different factories, depending on their authorizations. Test: VtsHalKeymasterV3_0TargetTest Bug: 67358942 Change-Id: I1d235e16f9120b3d29ef4c71ff7a19d98700559f
/system/keymaster/legacy_support/rsa_keymaster0_key.cpp
|
da157a3b17b315c1c36f346c18037656946755aa |
|
12-May-2017 |
Janis Danisevskis <jdanis@google.com> |
Move CreateKeyBlob to SoftwareKeyBlobMaker CreateKeyBlob is an implementation specific function that is never called by AndroidKeymaster and, therefore, need not be part of the KeymasterContext interface. Test: VtsHalKeymasterV3_0TargetTest Bug: 67358942 Change-Id: I0cff878da878907be0f7b16a54dfd45f50d40ca5
/system/keymaster/legacy_support/rsa_keymaster0_key.cpp
|
f54cc93ccf57a94f9a2c660dbf3e06494adf178d |
|
11-May-2017 |
Janis Danisevskis <jdanis@google.com> |
Reorganize keymaster directories Keymaster files have been reorganized into the following directories - android_keymaster The core android keymaster logic including some utilities that have no special libray dependencies - km_openssl Openssl based implementation primitives of android keymaster. These primitives can be used to implemented an openssl based software implementation of AndroidKeymaster. - legacy_support Primitives implemented in terms of older keymaster hal version. These primitives can be used to implement AndroidKeymaster in terms of keymaster 0 or 1 hals. They are used to provide wrappers around old keymaster hals, filling in missing features with software implementations. - contexts Implementations of various contexts from pure software to legacy hal hybrids. - key_blob_utils Support code for formatting keymaster key blobs including support for legacy android keymaster blob formats. Test: VtsHalKeymasterV3_0TargetTest Bug: 67358942 Change-Id: Ia8eacd301a5c5fa5f5f625caafcec5d07e168249
/system/keymaster/legacy_support/rsa_keymaster0_key.cpp
|