android_system_keymaster/soft_keymaster_device.cpp, branch cm-13.0 Unnamed repository; edit this file 'description' to name the repository. Revert "Hack to work around broken bullhead keymaster app." 2015-08-14T02:44:03+00:00 Jim Miller jaggies@google.com 2015-08-14T02:44:03+00:00 e748085f5ee441a2c0a1380e9da824fd07877873 This reverts commit 3fceedc788498733952279a97944f4ea22892577. Change-Id: Ie17dd16f8689810af9efe071a0d006e026782af6 
This reverts commit 3fceedc788498733952279a97944f4ea22892577.

Change-Id: Ie17dd16f8689810af9efe071a0d006e026782af6
Hack to work around broken bullhead keymaster app. 2015-08-14T02:37:17+00:00 Shawn Willden swillden@google.com 2015-08-14T02:34:21+00:00 3fceedc788498733952279a97944f4ea22892577 Bug: 23193626 Change-Id: I71564a7ff6b3050c5fbb7bd0c12caca5a663334a 
Bug: 23193626
Change-Id: I71564a7ff6b3050c5fbb7bd0c12caca5a663334a
Do digesting, and sometimes padding, in SW when HW doesnt. 2015-08-13T13:49:10+00:00 Shawn Willden swillden@google.com 2015-07-27T22:58:30+00:00 d599b15c0693950bdc72fb867872044fdc484ef5 The keymaster1 specification only requires HW modules to implement SHA256 out of the list of keymaster1 digest modes. That would force many keys to be software only, and would break legacy scenarios. This change uses SoftKeymasterDevice to front keymaster modules that don't implement the full suite of digests, quietly inserting KM_DIGEST_NONE and KM_PAD_NONE into key generation/import requests when necessary, then performing the digesting, and sometimes padding, in software, then delegating crypto operations to the hardware. This is only done for RSA and EC keys. Software digesting isn't possible for HMAC or AES-GCM keys. Note that this is not the complete fix for the bug. Some changes in keystore are also required, coming in another CL. Bug: 22529223 Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d 
The keymaster1 specification only requires HW modules to implement
SHA256 out of the list of keymaster1 digest modes.  That would force
many keys to be software only, and would break legacy scenarios.  This
change uses SoftKeymasterDevice to front keymaster modules that don't
implement the full suite of digests, quietly inserting KM_DIGEST_NONE
and KM_PAD_NONE into key generation/import requests when necessary, then
performing the digesting, and sometimes padding, in software, then
delegating crypto operations to the hardware.

This is only done for RSA and EC keys.  Software digesting isn't
possible for HMAC or AES-GCM keys.

Note that this is not the complete fix for the bug.  Some changes in
keystore are also required, coming in another CL.

Bug: 22529223
Change-Id: I740572eb11341fb0659085309da01d5cbcd3854d
Make NONE mean NONE only (not ANY) 2015-07-28T18:57:24+00:00 Shawn Willden swillden@google.com 2015-07-20T15:10:32+00:00 5cf45028751471f79d9f8a390f64fe9412acd53a KM_DIGEST_NONE and KM_PAD_NONE have implicit meanings of "any digest" and "any padding", respectively, as well as the expected meanings of "no digest" and "no padding". This CL changes that so they mean only "no digest" and "no padding". Bug: 22556114 Change-Id: I7b0b4c079067d85ba1aa39ae7edf0c6b17a9a500 
KM_DIGEST_NONE and KM_PAD_NONE have implicit meanings of "any digest"
and "any padding", respectively, as well as the expected meanings of "no
digest" and "no padding".  This CL changes that so they mean only "no
digest" and "no padding".

Bug: 22556114
Change-Id: I7b0b4c079067d85ba1aa39ae7edf0c6b17a9a500
Implement delete_key and delete_all_keys in SoftKeymasterDevice. 2015-07-06T17:41:03+00:00 Shawn Willden swillden@google.com 2015-07-06T17:35:10+00:00 d091b0a3c7efe608a474d4ca051951405e304a5d Bug: 22294523 Change-Id: Ifab60b904e37c7ecca0b8138817af3d3b48199c0 
Bug: 22294523
Change-Id: Ifab60b904e37c7ecca0b8138817af3d3b48199c0
Add authorization enforcement to AndroidKeymaster. 2015-06-26T15:37:01+00:00 Shawn Willden swillden@google.com 2015-06-25T13:26:05+00:00 ada4850659d484dd5ece26dde73072bef16c1517 Note: Moving List.h into system/keymaster is unfortunate, but required to allow Trusty to use it. b/22088154 tracks cleaning this up. Bug: 19511945 Change-Id: Ia1dfe5fda5ea78935611b0a7656b323770edcbae 
Note: Moving List.h into system/keymaster is unfortunate, but required
to allow Trusty to use it.  b/22088154 tracks cleaning this up.

Bug: 19511945
Change-Id: Ia1dfe5fda5ea78935611b0a7656b323770edcbae
Refactor AndroidKeymaster so all methods use message objects. 2015-06-17T15:27:04+00:00 Shawn Willden swillden@google.com 2015-06-17T12:39:48+00:00 36d41e230417ac3b86a1425ebf60fff6d92377ec Methods with simple argument or return types eschewed message objects, but this complicates the TrustyKeymaster implementation by requiring it to build its own system for marshalling and unmarshalling. Bug: 14674558 Change-Id: I5a88523c9d1a76c8629ff6f93040ceb3c2a9426b 
Methods with simple argument or return types eschewed message objects,
but this complicates the TrustyKeymaster implementation by requiring it
to build its own system for marshalling and unmarshalling.

Bug: 14674558
Change-Id: I5a88523c9d1a76c8629ff6f93040ceb3c2a9426b
Use wrapped keymaster0 device's value of KEYMASTER_SOFTWARE_ONLY 2015-06-04T18:38:21+00:00 Chad Brubaker cbrubaker@google.com 2015-06-04T18:35:50+00:00 239375761a65801827769dccf79d183dcdeba769 SoftKeymasterDevice always sets KEYMASTER_SOFTWARE_ONLY but this isn't true when wrapping a keymaster0 hardware device. This breaks CTS. Note this with how the wrapper is implemented _some_ keys from the wrapped adapter will be software backed and there is no way to tell in keychain where it'll land. Bug: 21635583 Change-Id: Ic2e38d4ffe12536eea37e688aaf17c2516f3194b 
SoftKeymasterDevice always sets KEYMASTER_SOFTWARE_ONLY but this isn't
true when wrapping a keymaster0 hardware device. This breaks CTS.

Note this with how the wrapper is implemented _some_ keys from the
wrapped adapter will be software backed and there is no way to tell in
keychain where it'll land.

Bug: 21635583
Change-Id: Ic2e38d4ffe12536eea37e688aaf17c2516f3194b
Fix missing delete_keypair and delete_all 2015-06-04T17:23:23+00:00 Chad Brubaker cbrubaker@google.com 2015-06-04T17:19:32+00:00 62b1922b3e458fac65ab284879f0bd96ea4033f0 delete_keypair and delete_all always existed in SoftKeymasterDevice and always returned an error, this causes keystore's delete to fail because it gives the impression the key was unable to be deleted. Instead SoftKeymasterDevice will track these two optional methods, if they exist int the underlying device then SoftKeymasterDevice will expose them and simply pass though, otherwise the methods will be null in the SoftKeymasterDevice's device. Bug: 21634519 Change-Id: I5ecb86644d5a3b6a517aa040b08b0902443e5be1 
delete_keypair and delete_all always existed in SoftKeymasterDevice and
always returned an error, this causes keystore's delete to fail because
it gives the impression the key was unable to be deleted.

Instead SoftKeymasterDevice will track these two optional methods, if
they exist int the underlying device then SoftKeymasterDevice will
expose them and simply pass though, otherwise the methods will be null
in the SoftKeymasterDevice's device.

Bug: 21634519
Change-Id: I5ecb86644d5a3b6a517aa040b08b0902443e5be1
Update SoftKeymasterDevice to track keymaster1 API changes. 2015-06-03T04:35:51+00:00 Shawn Willden swillden@google.com 2015-06-01T20:42:16+00:00 0e2ee44913880a582488a9cb7e1ffe0711111891 Change-Id: I8472a75ea60c73794ce31cacab9bcaad8482358f 
Change-Id: I8472a75ea60c73794ce31cacab9bcaad8482358f